ELSA-2025-2627

ULN >
Oracle Linux Errata repository >
ELSA-2025-2627

ELSA-2025-2627 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-03-11

Description

[5.14.0-503.31.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.31.1_5]
- HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302}
- x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002]
- ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799]
- ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197}
- ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
- x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170]
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113}
- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]

[5.14.0-503.30.1_5]
- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_aarch64_appstream
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.31.1.el9_5.aarch64.rpm	febb4b2fa6844fd0e81a0688ff93620e0899cce28eb56783a30e34d033867e5a	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.31.1.el9_5.aarch64.rpm	febb4b2fa6844fd0e81a0688ff93620e0899cce28eb56783a30e34d033867e5a	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.31.1.el9_5.aarch64.rpm	5be26b909ac79eeb3f1273211aaf48cf88c7b4dd05f229dd9b2c41b3af5c8d9a	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.31.1.el9_5.aarch64.rpm	678c6853340c2264b87dc963dc198bcff5b783aead044fc64f202c90c343859f	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.31.1.el9_5.aarch64.rpm	02cdf5b8abea5c4066abc801f0fc6bf2aecc4da20fa496cdbf1414588bd42725	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.31.1.el9_5.aarch64.rpm	02cdf5b8abea5c4066abc801f0fc6bf2aecc4da20fa496cdbf1414588bd42725	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.31.1.el9_5.aarch64.rpm	e12fcc41b89f93c0445e479e5598b8288b6aa75a75ada54b68c114dd41aca3a7	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.31.1.el9_5.aarch64.rpm	e12fcc41b89f93c0445e479e5598b8288b6aa75a75ada54b68c114dd41aca3a7	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.aarch64.rpm	45d8d0d381ae9c6e191dc8c128034a8021bdac5153ffe0e67f6e9a0b4083c88c	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.31.1.el9_5.aarch64.rpm	c8f39bf4bb51617bf48b87a35e363419f0394ccb3207f8c40a0d9d546a87ff03	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.31.1.el9_5.aarch64.rpm	9b865ce0ab12c53a32b97c27b12145084b8724378561f4204546985628854e73	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.31.1.el9_5.aarch64.rpm	9b865ce0ab12c53a32b97c27b12145084b8724378561f4204546985628854e73	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.31.1.el9_5.aarch64.rpm	41f0d721df2004c7bcdbaaf555e1136a0a17b57bf11d0a5da4734ea7410de0b5	-	ol9_aarch64_appstream
	rv-5.14.0-503.31.1.el9_5.aarch64.rpm	982afbb2277e550daa44d713046cb16eb7fecee2125dac491133bc0227db53e7	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_x86_64_appstream
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.31.1.el9_5.src.rpm	1c4e7175711fb390e565e872574976be3020d7ccc1ad1d0bd903e08fbe655ef8	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.31.1.el9_5.x86_64.rpm	9c3b825626c39b5ac9d12de1a2cab46e24b558fc37ac60e62ea6bb3649d41020	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.31.1.el9_5.x86_64.rpm	9c3b825626c39b5ac9d12de1a2cab46e24b558fc37ac60e62ea6bb3649d41020	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.31.1.el9_5.x86_64.rpm	5b3580b3eb0cec4ab86832b2f008029293e419353563631d4f7038e12533d97e	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.31.1.el9_5.x86_64.rpm	5b3580b3eb0cec4ab86832b2f008029293e419353563631d4f7038e12533d97e	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.31.1.el9_5.noarch.rpm	06cfaa4da6e4a33f59057a72440aaaf5d21e209cbcc0d8aca50ac048228c95bb	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.31.1.el9_5.noarch.rpm	06cfaa4da6e4a33f59057a72440aaaf5d21e209cbcc0d8aca50ac048228c95bb	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.31.1.el9_5.x86_64.rpm	8ecd22e40b8e47c77212fa0f2969a6a5e328d06c9eae4eaf71d148154862fa84	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.31.1.el9_5.x86_64.rpm	8ecd22e40b8e47c77212fa0f2969a6a5e328d06c9eae4eaf71d148154862fa84	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.31.1.el9_5.x86_64.rpm	a7b34c087728a78b2ca03778f0093a0e23a242b069a6672789d8bc55a3e1a216	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.31.1.el9_5.x86_64.rpm	04aea7b3a2f2d00f46cab81245ab9e4c9831a3aa6ea65627a1c2cedd42e5f04c	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.31.1.el9_5.x86_64.rpm	04aea7b3a2f2d00f46cab81245ab9e4c9831a3aa6ea65627a1c2cedd42e5f04c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.31.1.el9_5.x86_64.rpm	771ad06486ecd472dc6f57afe6296d09799a38b8f65721b1f919dab4efae37ca	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.31.1.el9_5.x86_64.rpm	771ad06486ecd472dc6f57afe6296d09799a38b8f65721b1f919dab4efae37ca	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.31.1.el9_5.x86_64.rpm	9cfd4a168cdfccc315ee74869e13985427ab3d26abefc9d1ca9d521bbdc9c0cc	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm	d2343f4f95c2aadbe70b00b6c00eae3766b143307d62e9f3095fc555ca83337c	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.31.1.el9_5.x86_64.rpm	2789e0b26165aea8d2b4e8c86844b742f2e9652331782fb11b5327c049b4189c	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.31.1.el9_5.x86_64.rpm	2789e0b26165aea8d2b4e8c86844b742f2e9652331782fb11b5327c049b4189c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm	596547ece71da4037c0550af4442c4b02fdf4d91f327a96e6cd950e37019c395	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm	596547ece71da4037c0550af4442c4b02fdf4d91f327a96e6cd950e37019c395	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm	755eabc1db3f049664cda007467a07f234fabb8a5a8d2964a45ebcf3314457c2	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm	755eabc1db3f049664cda007467a07f234fabb8a5a8d2964a45ebcf3314457c2	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm	fe9f88fd20d7b8ccf094047ed30c3a02bd923efb492e331aa31d8dd52d1c9486	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm	fe9f88fd20d7b8ccf094047ed30c3a02bd923efb492e331aa31d8dd52d1c9486	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.31.1.el9_5.x86_64.rpm	5732bdd8974ce92aeb230935ba0b056dc0cd2a45e9741029a256178dd0a10941	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm	daa3ed9a7d9fd6ede637d18f60ea294cf3273982b2a0f32e6d21d5cca23dfe35	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.31.1.el9_5.noarch.rpm	b1024c8591d92fa17e17cf22561039d1dad594a846b88167cf539886eb5853fb	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.31.1.el9_5.x86_64.rpm	3ef99f4b873a57b639760c1bfb4234e82121d77288f2b9b21d12239c26cf518b	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.31.1.el9_5.x86_64.rpm	5bc3ee353077a1ebf01f0115a5adcb279113ec8b68d68ca5b977f7d89759289e	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.31.1.el9_5.x86_64.rpm	5bc3ee353077a1ebf01f0115a5adcb279113ec8b68d68ca5b977f7d89759289e	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm	1016a2576dd146564457f1b3db995be7fa464032c86d6c74b268eb34b6fadbb1	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm	1016a2576dd146564457f1b3db995be7fa464032c86d6c74b268eb34b6fadbb1	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm	9e25bc17dd03c03df2d6b3e89380d4a14fb7bd0e81c540d5f5499d68223b624f	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm	9e25bc17dd03c03df2d6b3e89380d4a14fb7bd0e81c540d5f5499d68223b624f	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.31.1.el9_5.x86_64.rpm	023d149d5ba355caffb1c1337789112e05ba6e623f4818c33f61a4108ee4605b	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.31.1.el9_5.x86_64.rpm	023d149d5ba355caffb1c1337789112e05ba6e623f4818c33f61a4108ee4605b	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.31.1.el9_5.x86_64.rpm	b55804f74838a940255bef4da38dab27b170f243def3415d02eeb40798e7ad81	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.31.1.el9_5.x86_64.rpm	b55804f74838a940255bef4da38dab27b170f243def3415d02eeb40798e7ad81	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.x86_64.rpm	318a7ff28b4495ab657c8c79b0fcb3d69aca9aa89bd2b5156fda0e73d37e5017	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm	a28f14b6773f0cb33cd721c9144ec85f5b329b46eb88aa66f571f57ae440011f	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm	a28f14b6773f0cb33cd721c9144ec85f5b329b46eb88aa66f571f57ae440011f	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.31.1.el9_5.x86_64.rpm	32da34bfc4f02224c2d5caa37b00a46e7219d01fa47dbf2fdb43106e71196eba	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.31.1.el9_5.x86_64.rpm	32da34bfc4f02224c2d5caa37b00a46e7219d01fa47dbf2fdb43106e71196eba	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.31.1.el9_5.x86_64.rpm	2b57f02ee17a20fc0b696012a15b9b4abb65858e9b935e95c08c995b8653c459	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.31.1.el9_5.x86_64.rpm	f03416ad8d90606e44025ade896d54effc3f0102efcd913393ed857d115a5c54	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.31.1.el9_5.x86_64.rpm	076c72fb57d8c945e7c216fa716dbea3b3bc4ce2ee1b05a01a2eeeb15ff185f7	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.31.1.el9_5.x86_64.rpm	076c72fb57d8c945e7c216fa716dbea3b3bc4ce2ee1b05a01a2eeeb15ff185f7	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.31.1.el9_5.x86_64.rpm	7f46735e4f67cd49d27991962e213353942e9116b5fd50efa346d06368026d98	-	ol9_x86_64_appstream
	rv-5.14.0-503.31.1.el9_5.x86_64.rpm	290e7101a31cc7211343fbaa9c7f94d3d91e22c345ac24b9c9443653fa60b9c5	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691