ELSA-2025-25755
- ULN >
- Oracle Linux Errata repository >
- ELSA-2025-25755
ELSA-2025-25755 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2025-11-10 |
Description
[5.4.17-2136.349.3.1]
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604171] {CVE-2025-39973}
[5.4.17-2136.349.3]
- Revert 'net/mlx5e: Update and set Xon/Xoff upon MTU set' (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]
[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]
[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert 'net/mlx5e: Update and set Xon/Xoff upon port speed set' (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494740] {CVE-2025-39898}
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Blase)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)
Related CVEs
| CVE-2025-39891 |
| CVE-2025-39864 |
| CVE-2025-37968 |
| CVE-2025-39841 |
| CVE-2025-39902 |
| CVE-2025-39973 |
| CVE-2025-39847 |
| CVE-2025-39860 |
| CVE-2025-39898 |
| CVE-2025-39853 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2136.349.3.1.el7uek.src.rpm | 6e3a0d3778dc21e2a2849e88d134d5d5afc2e68a734fef2f7ac581ecfa2f1f2c | - | ol7_x86_64_UEKR6_ELS |
| kernel-uek-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | 8f2c400c5fa0eca2b89a521401fbe775e22fa059a81ceb679dbc2c9f63ccc473 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-container-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | 128be9c6636a9c386577b0008c3e11c4e64c528e5296c7c83b79b89ae9f6e099 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-container-debug-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | c1d170154ebd7201d34bf2cb6535fa80fcb3d7feb4cd125b9d741d560b5c76dd | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-debug-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | c503beaed2bef469f25f40714d70557564c502f1116dcbbb23c5f15533e7c4a5 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-debug-devel-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | e261598a1f0bac871765d1d6baaab1b684b8874acb46e41302b15e90fcbad0a2 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-devel-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | f717d79b05c06f7e3f45584ba1ddfe5ed7b295dac28e0046294b54462c9a5315 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-doc-5.4.17-2136.349.3.1.el7uek.noarch.rpm | 871848bb6f97d50dc37e3520f0fe79bc7c2baafdb0bbdfaccf49a713049daef9 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-tools-5.4.17-2136.349.3.1.el7uek.x86_64.rpm | 19b88d93d65efb7c01dbea939dfcc9d2185c2cebe2971431934337d8cad1de6c | - | ol7_x86_64_UEKR6_ELS | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2136.349.3.1.el8uek.src.rpm | f6aaaad9dc90b46cc8b34eeceeb680cd15db88ceb29ac0ed4ac5b2e75edc8f18 | - | ol8_aarch64_baseos_latest |
| kernel-uek-5.4.17-2136.349.3.1.el8uek.src.rpm | f6aaaad9dc90b46cc8b34eeceeb680cd15db88ceb29ac0ed4ac5b2e75edc8f18 | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | 96e3f6f8c594634d455d52b7181f1957e4eb2ee670aefcd32ca177424835e953 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | 96e3f6f8c594634d455d52b7181f1957e4eb2ee670aefcd32ca177424835e953 | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-debug-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | dbddd86a9a51b0c40c5ceffaeded32d8b8c127b4dfaeb3fdcd97ae125f15e9a2 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | dbddd86a9a51b0c40c5ceffaeded32d8b8c127b4dfaeb3fdcd97ae125f15e9a2 | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-debug-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | fef1a809b1f9518891539b1af590177edebe4aeaa7918bd35e6f449b79ddf06f | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | fef1a809b1f9518891539b1af590177edebe4aeaa7918bd35e6f449b79ddf06f | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | cc9e996fdde773bf2542ef29cc7fc3a28f7d0392c6ca38267720011b144497f4 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm | cc9e996fdde773bf2542ef29cc7fc3a28f7d0392c6ca38267720011b144497f4 | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-doc-5.4.17-2136.349.3.1.el8uek.noarch.rpm | d84a900c335db4639a4d22ba69b1bbee64b46395714225b45593f9bcdd91ea5a | - | ol8_aarch64_baseos_latest | |
| kernel-uek-doc-5.4.17-2136.349.3.1.el8uek.noarch.rpm | d84a900c335db4639a4d22ba69b1bbee64b46395714225b45593f9bcdd91ea5a | - | ol8_aarch64_u10_baseos_patch | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2136.349.3.1.el8uek.src.rpm | f6aaaad9dc90b46cc8b34eeceeb680cd15db88ceb29ac0ed4ac5b2e75edc8f18 | - | ol8_x86_64_UEKR6 |
| kernel-uek-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | 4e03b4378747d0913265d1e87ed6cab30eb31daf5eb96efa1c64b48e66d5fd53 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-container-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | 13f1c89d72a1e747e0760800acb5d59a1244577798c5a2a3e2b170ca40a22fe8 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-container-debug-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | 6783cb8e59178b98ddda23332989f6d322702156e08a6c9983f754129601a867 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | 47f84951fe0f88cc7fa0c30a21aa18ebc33014a7af3775dba0f30571cd0ff1ef | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | 56b7a24d9a8d779c31160aa0461562dea155035d6175a79e68eaf03645953548 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2136.349.3.1.el8uek.x86_64.rpm | fe17bf5053fada1f36e0fddfee7449d3c1adef1571ce8305a70fe5d03cfef96e | - | ol8_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2136.349.3.1.el8uek.noarch.rpm | d84a900c335db4639a4d22ba69b1bbee64b46395714225b45593f9bcdd91ea5a | - | ol8_x86_64_UEKR6 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
