ELSA-2025-20406

ULN >
Oracle Linux Errata repository >
ELSA-2025-20406

ELSA-2025-20406 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-07-07

Description

[5.4.17-2136.344.4.3]
- Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 38129010]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}

Related CVEs

CVE-2024-28956

CVE-2024-36350

CVE-2024-36357

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-uek-5.4.17-2136.344.4.3.el7uek.src.rpm	ed2efe1e334d17b394efeac2470aaff9312f66075d29c63483d291155048b910	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	327bf3d1bd939843ebb92f17b5b9f74dfb16aec9e818b2aa3874caf62ff5168b	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-container-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	5af84372567bf61a35c92bcbed581c01dfe90bf10659f9aeb073931ba549fb81	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-container-debug-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	65ad75d23df3168cafefc515b10c8deffe098e2d488cc0ebca87e63246c194a9	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-debug-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	aa8c3e39e82877f827238e2f6cb6309dc028a51438b0a5d8425544d076b440e7	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-debug-devel-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	2b0ed0b6b1307f4588916c721c7f26ebd5af18e79dca4f0e8a86e2b6687ab3cf	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-devel-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	f30e134964b931e93289515d4b4b3d38795a78c7dd5f740fec2f69953ff504f2	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-doc-5.4.17-2136.344.4.3.el7uek.noarch.rpm	ab04f45c547361e5448dd0f6d6ce6ed2f10df38b28e19cfabebc1bd8a080fff7	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-tools-5.4.17-2136.344.4.3.el7uek.x86_64.rpm	b5a8867b78ffe342464dc7bae445e1adc190592908d088962b0dc9645b7717e1	-	ol7_x86_64_UEKR6_ELS

Oracle Linux 8 (aarch64)	kernel-uek-5.4.17-2136.344.4.3.el8uek.src.rpm	57e8ad0a3fc21081053f1312fa83f215a64dc44b2bb65bde5f49abc38be341ef	-	ol8_aarch64_baseos_latest
	kernel-uek-5.4.17-2136.344.4.3.el8uek.src.rpm	57e8ad0a3fc21081053f1312fa83f215a64dc44b2bb65bde5f49abc38be341ef	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	902672cc42bc54e1f8b4d478cc37aa14a19b4d6e3825ae7cb7e08f676599794e	-	ol8_aarch64_baseos_latest
	kernel-uek-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	902672cc42bc54e1f8b4d478cc37aa14a19b4d6e3825ae7cb7e08f676599794e	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-debug-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	d35aeb1e6e04858e889580c7ee30d8cc2cbd509a209aaf6fa1537cb4e4eb9229	-	ol8_aarch64_baseos_latest
	kernel-uek-debug-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	d35aeb1e6e04858e889580c7ee30d8cc2cbd509a209aaf6fa1537cb4e4eb9229	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-debug-devel-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	fa70f1dd83f92e36e9811b73d1acbd46536b4262a8ea8c567dabdb1053cdb11f	-	ol8_aarch64_baseos_latest
	kernel-uek-debug-devel-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	fa70f1dd83f92e36e9811b73d1acbd46536b4262a8ea8c567dabdb1053cdb11f	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-devel-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	0b00b835cacfa8fdac0f7f7b6704acb6eb4f7a00f5067f0571f5e15a46ec1393	-	ol8_aarch64_baseos_latest
	kernel-uek-devel-5.4.17-2136.344.4.3.el8uek.aarch64.rpm	0b00b835cacfa8fdac0f7f7b6704acb6eb4f7a00f5067f0571f5e15a46ec1393	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-doc-5.4.17-2136.344.4.3.el8uek.noarch.rpm	806c05dc703101d5972f28258650c8b3fe06e97781be85217eb9036877a794d0	-	ol8_aarch64_baseos_latest
	kernel-uek-doc-5.4.17-2136.344.4.3.el8uek.noarch.rpm	806c05dc703101d5972f28258650c8b3fe06e97781be85217eb9036877a794d0	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	kernel-uek-5.4.17-2136.344.4.3.el8uek.src.rpm	57e8ad0a3fc21081053f1312fa83f215a64dc44b2bb65bde5f49abc38be341ef	-	ol8_x86_64_UEKR6
	kernel-uek-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	d7be5f5668556adf3ddc12a097b405216448b65fdd415e1be60e035916eca706	-	ol8_x86_64_UEKR6
	kernel-uek-container-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	9149ac1c30cdc05da1ad2007f25afac8178165819577552aec86888fc39af0be	-	ol8_x86_64_UEKR6
	kernel-uek-container-debug-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	3701b0630ad9300b2ea9f12028344956978ed99b4a513bc7ff50dd3fc220de8b	-	ol8_x86_64_UEKR6
	kernel-uek-debug-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	e74c17cb61e17e356896fddc8966a6a0330817339dc1471f9fc3eb8cb6f08acd	-	ol8_x86_64_UEKR6
	kernel-uek-debug-devel-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	61596c017fa723f36ed81fa0c67dd60ab966d92ad99b3299aa6622c498a759f1	-	ol8_x86_64_UEKR6
	kernel-uek-devel-5.4.17-2136.344.4.3.el8uek.x86_64.rpm	9fdb3e57ac1876b88c974ee08209d1079e06835ce49a8d8f98a8cfb6af1e87fb	-	ol8_x86_64_UEKR6
	kernel-uek-doc-5.4.17-2136.344.4.3.el8uek.noarch.rpm	806c05dc703101d5972f28258650c8b3fe06e97781be85217eb9036877a794d0	-	ol8_x86_64_UEKR6

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691