ELSA-2025-23241

ULN >
Oracle Linux Errata repository >
ELSA-2025-23241

ELSA-2025-23241 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-18

Description

[5.14.0-611.16.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-611.16.1]
- CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129261] {CVE-2025-38499}
- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128860] {CVE-2025-40176}

[5.14.0-611.15.1]
- nbd: override creds to kernel when calling sock_{send,recv}msg() (Ming Lei) [RHEL-123845]
- scsi: lpfc: avoid crashing in lpfc_nlp_get() if lpfc_nodelist was freed (Ewan D. Milne) [RHEL-127982]
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (Ewan D. Milne) [RHEL-127982]
- crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Fix SNP panic notifier unregistration (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Fix dereferencing uninitialized error pointer (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Fix __sev_snp_shutdown_locked (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Move SEV/SNP Platform initialization to KVM (Lenny Szubowicz) [RHEL-70006]
- KVM: SVM: Add support to initialize SEV/SNP functionality in KVM (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Add new SEV/SNP platform shutdown API (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Register SNP panic notifier only if SNP is enabled (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Reset TMR size at SNP Shutdown (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown (Lenny Szubowicz) [RHEL-70006]
- crypto: ccp - Abort doing SEV INIT if SNP INIT fails (Lenny Szubowicz) [RHEL-70006]

[5.14.0-611.14.1]
- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123786] {CVE-2025-39966}

Related CVEs

CVE-2025-38499

CVE-2025-39966

CVE-2025-40176

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_aarch64_appstream
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_aarch64_u7_baseos_patch
	kernel-cross-headers-5.14.0-611.16.1.el9_7.aarch64.rpm	2e60ede6dfc5b91a70f9d14bd5130775c15cdede9bc67d75451f72be93dabcd4	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-611.16.1.el9_7.aarch64.rpm	24d0050fed147e2f8e015ec0511d36454f43d4b74feefefb01871314d5085808	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-611.16.1.el9_7.aarch64.rpm	516e66d88dc7bf117a3ddfd32478d33189f9cb3f05f03ce3f4cae597fa5a93c7	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-611.16.1.el9_7.aarch64.rpm	516e66d88dc7bf117a3ddfd32478d33189f9cb3f05f03ce3f4cae597fa5a93c7	-	ol9_aarch64_u7_baseos_patch
	kernel-tools-libs-5.14.0-611.16.1.el9_7.aarch64.rpm	0e7ceed29b4b671c30d6dc1a99529c9c13d78bb2aa5023375a07b5342c5edd19	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-611.16.1.el9_7.aarch64.rpm	0e7ceed29b4b671c30d6dc1a99529c9c13d78bb2aa5023375a07b5342c5edd19	-	ol9_aarch64_u7_baseos_patch
	kernel-tools-libs-devel-5.14.0-611.16.1.el9_7.aarch64.rpm	9fd34b2b3f658ddaedaeae84c267cb1d7de9c4255f0b1d2393c7070cc55945d1	-	ol9_aarch64_codeready_builder
	libperf-5.14.0-611.16.1.el9_7.aarch64.rpm	d742062107a895306040cc69fc6ee61f937298f3edbdf1d0663f4ed98de66ef0	-	ol9_aarch64_codeready_builder
	perf-5.14.0-611.16.1.el9_7.aarch64.rpm	b07287dcb8a6c5a44f96e1e5340aca07cb3b7fb855291fa80a639beb13990fe1	-	ol9_aarch64_appstream
	python3-perf-5.14.0-611.16.1.el9_7.aarch64.rpm	95b4014752e81b3dc67c2d6a0db8762c89b3413aaa0c38def80f17b58f2ceb6a	-	ol9_aarch64_appstream
	rtla-5.14.0-611.16.1.el9_7.aarch64.rpm	3a09f81dcd26e91abc40e105af276890a5b993d6319bf334655883d2b4c4a715	-	ol9_aarch64_appstream
	rv-5.14.0-611.16.1.el9_7.aarch64.rpm	04b94542f328050fddfdb629d82425291ffa5c98e0fc4477f69e0bae72b508b6	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_x86_64_appstream
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-611.16.1.el9_7.src.rpm	983f92ecd148a92072e3b3cab1fce5e50855253662994f2b15deb787321da782	-	ol9_x86_64_u7_baseos_patch
	kernel-5.14.0-611.16.1.el9_7.x86_64.rpm	f20618d9f445975bfedafa6231f756cfd7d002d8ea735e51ebd4a9ae8ca676a3	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-611.16.1.el9_7.x86_64.rpm	f20618d9f445975bfedafa6231f756cfd7d002d8ea735e51ebd4a9ae8ca676a3	-	ol9_x86_64_u7_baseos_patch
	kernel-abi-stablelists-5.14.0-611.16.1.el9_7.noarch.rpm	097f926d06af7defff2c761e2094001bea4d9e9294b255009678f7961531c877	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-611.16.1.el9_7.noarch.rpm	097f926d06af7defff2c761e2094001bea4d9e9294b255009678f7961531c877	-	ol9_x86_64_u7_baseos_patch
	kernel-core-5.14.0-611.16.1.el9_7.x86_64.rpm	958673a7cb0e03940bd1b59c2b1494f0905a895954d56bb2a5e1c157e9f52856	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-611.16.1.el9_7.x86_64.rpm	958673a7cb0e03940bd1b59c2b1494f0905a895954d56bb2a5e1c157e9f52856	-	ol9_x86_64_u7_baseos_patch
	kernel-cross-headers-5.14.0-611.16.1.el9_7.x86_64.rpm	9789d737667f71c0ac3e54ff1a28e94cbb09f143d312131ab8ebbe407c50a182	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-611.16.1.el9_7.x86_64.rpm	6df77b7a73c9159c95addbf505ace99bf6d46850c1b6d36f40fa1ca64cabd9f4	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-611.16.1.el9_7.x86_64.rpm	6df77b7a73c9159c95addbf505ace99bf6d46850c1b6d36f40fa1ca64cabd9f4	-	ol9_x86_64_u7_baseos_patch
	kernel-debug-core-5.14.0-611.16.1.el9_7.x86_64.rpm	6150df69f6810d124bef36e7a4962d5f2772bb572e4f758f9390f0153636dd86	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-611.16.1.el9_7.x86_64.rpm	6150df69f6810d124bef36e7a4962d5f2772bb572e4f758f9390f0153636dd86	-	ol9_x86_64_u7_baseos_patch
	kernel-debug-devel-5.14.0-611.16.1.el9_7.x86_64.rpm	19c0ee8842fe2d3b8b800b6aa45cc6ce61fe2aae320cf2524a74ac5aadd7ff8b	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-611.16.1.el9_7.x86_64.rpm	bed27301fbe87ec9f16042be330dc7bd3dbaf76446eca9882646ffdfa5789fb4	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-611.16.1.el9_7.x86_64.rpm	39996b9bc171762ea72f6f03abbeef02be06113af4a8c0548056102587681ea9	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-611.16.1.el9_7.x86_64.rpm	39996b9bc171762ea72f6f03abbeef02be06113af4a8c0548056102587681ea9	-	ol9_x86_64_u7_baseos_patch
	kernel-debug-modules-core-5.14.0-611.16.1.el9_7.x86_64.rpm	335469e2c61589609e6b2de05a136fe72f5c026282c3f86891424587cbe2c39c	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-611.16.1.el9_7.x86_64.rpm	335469e2c61589609e6b2de05a136fe72f5c026282c3f86891424587cbe2c39c	-	ol9_x86_64_u7_baseos_patch
	kernel-debug-modules-extra-5.14.0-611.16.1.el9_7.x86_64.rpm	14255c47b47c38746fd7030e48a97afb7c18300e3b92976e8a7554dc3a1335a4	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-611.16.1.el9_7.x86_64.rpm	14255c47b47c38746fd7030e48a97afb7c18300e3b92976e8a7554dc3a1335a4	-	ol9_x86_64_u7_baseos_patch
	kernel-debug-uki-virt-5.14.0-611.16.1.el9_7.x86_64.rpm	8cabb8974b13ca347203865415f26e1b17f8ce53ae297622d19dfd3918367910	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-611.16.1.el9_7.x86_64.rpm	8cabb8974b13ca347203865415f26e1b17f8ce53ae297622d19dfd3918367910	-	ol9_x86_64_u7_baseos_patch
	kernel-devel-5.14.0-611.16.1.el9_7.x86_64.rpm	d3cd98dab402a0a1e4d9db9c877efc9af9b000048dabfca0efd9b0f045e40df6	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-611.16.1.el9_7.x86_64.rpm	978e12a2da06fd912be37a735a42b6c8ed4733ab3bab7a84d7c56017e6304fca	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-611.16.1.el9_7.noarch.rpm	19c9fd4884575294b17d64b77bab4683b5fdff518639d1761fa706da96d123a3	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-611.16.1.el9_7.x86_64.rpm	e25e6f29cb65a714062f169809d7bd69d9470b445256843bb3e5f50e1cb6fc2a	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-611.16.1.el9_7.x86_64.rpm	0a9229f68989fe7968475735c8748c2238394c122d43e9e61b6f8747313fd2fb	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-611.16.1.el9_7.x86_64.rpm	0a9229f68989fe7968475735c8748c2238394c122d43e9e61b6f8747313fd2fb	-	ol9_x86_64_u7_baseos_patch
	kernel-modules-core-5.14.0-611.16.1.el9_7.x86_64.rpm	eb234385a932150fdd56d54abd95a7811236d18d3d8819928d61a85ecfac86d0	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-611.16.1.el9_7.x86_64.rpm	eb234385a932150fdd56d54abd95a7811236d18d3d8819928d61a85ecfac86d0	-	ol9_x86_64_u7_baseos_patch
	kernel-modules-extra-5.14.0-611.16.1.el9_7.x86_64.rpm	c51d93c893bc8eed399572d81517dbdb12a1b6ab85fab2ba63fa7263fa9004aa	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-611.16.1.el9_7.x86_64.rpm	c51d93c893bc8eed399572d81517dbdb12a1b6ab85fab2ba63fa7263fa9004aa	-	ol9_x86_64_u7_baseos_patch
	kernel-tools-5.14.0-611.16.1.el9_7.x86_64.rpm	7d2617676b24a0d6c78b14171f2bbed046e755bd5e57e3e0844b6213dd5322d8	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-611.16.1.el9_7.x86_64.rpm	7d2617676b24a0d6c78b14171f2bbed046e755bd5e57e3e0844b6213dd5322d8	-	ol9_x86_64_u7_baseos_patch
	kernel-tools-libs-5.14.0-611.16.1.el9_7.x86_64.rpm	7cd43835904270755ff8d3746dbd5e4bc89f79e84b8434763ac03a3749b35290	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-611.16.1.el9_7.x86_64.rpm	7cd43835904270755ff8d3746dbd5e4bc89f79e84b8434763ac03a3749b35290	-	ol9_x86_64_u7_baseos_patch
	kernel-tools-libs-devel-5.14.0-611.16.1.el9_7.x86_64.rpm	3fe7c915acf1a8d4cb6ad79a532af51ff5a9bf3bd68469b1282678226c1af5c6	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-611.16.1.el9_7.x86_64.rpm	de9402793c0e352e8239df2c2a05c1e0bf9bb498768ef50b628e023dd021c7a5	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-611.16.1.el9_7.x86_64.rpm	de9402793c0e352e8239df2c2a05c1e0bf9bb498768ef50b628e023dd021c7a5	-	ol9_x86_64_u7_baseos_patch
	kernel-uki-virt-addons-5.14.0-611.16.1.el9_7.x86_64.rpm	40de0c7036654ac0f40a054f295b6ef600d7f886927fbf3e266933af9e8c4596	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-611.16.1.el9_7.x86_64.rpm	40de0c7036654ac0f40a054f295b6ef600d7f886927fbf3e266933af9e8c4596	-	ol9_x86_64_u7_baseos_patch
	libperf-5.14.0-611.16.1.el9_7.x86_64.rpm	d4152274bd776b430cc631ce9773abb0a47fe3f2baec61873c8a2be02d318322	-	ol9_x86_64_codeready_builder
	perf-5.14.0-611.16.1.el9_7.x86_64.rpm	21c026d6ff6c9d188d31105f79731df3cfdf6c127778201de9b84c0d42013c16	-	ol9_x86_64_appstream
	python3-perf-5.14.0-611.16.1.el9_7.x86_64.rpm	c3014e82ca292c3015583972465c234b330c42387590cfc4b67c7b503bbedd65	-	ol9_x86_64_appstream
	rtla-5.14.0-611.16.1.el9_7.x86_64.rpm	c9fdb7c15582a9c8895be242e7b3f07cd02b5ea51e61bb244639df6de600868a	-	ol9_x86_64_appstream
	rv-5.14.0-611.16.1.el9_7.x86_64.rpm	e69e3b188abbfdc1addf2ea61606b84e9e0574631714b9e07f1364b01372b27a	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691