ELSA-2025-4341

ULN >
Oracle Linux Errata repository >
ELSA-2025-4341

ELSA-2025-4341 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-04-30

Description

[5.14.0-503.40.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.40.1_5]
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-87479] {CVE-2025-21927}
- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-75438] {CVE-2024-42322}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (CKI Backport Bot) [RHEL-75453] {CVE-2024-44990}
- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85523]
- bonding: Correctly support GSO ESP offload (CKI Backport Bot) [RHEL-73403]
- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73403]
- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73403]
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73403]
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73403]
- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73403]
- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73403]
- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73403]
- netfilter: br_netfilter: fix panic with metadata_dst skb (Ivan Vecera) [RHEL-71956]
- bridge: mcast: Fail MDB get request on empty entry (Ivan Vecera) [RHEL-71956]
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (Jose Ignacio Tornos Martinez) [RHEL-73478]
- kobject_uevent: Fix OOB access within zap_modalias_env() (CKI KWF BOT) [RHEL-75435] {CVE-2024-42292}

[5.14.0-503.39.1_5]
- igb: cope with large MAX_SKB_FRAGS (Corinna Vinschen) [RHEL-75552]
- x86/sev: Ensure that RMP table fixups are reserved (Bandan Das) [RHEL-84716]
- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-75456] {CVE-2024-46826}
- smb: client: fix double put of @cfile in smb2_set_path_size() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46796}
- smb: client: fix double put of @cfile in smb2_rename_path() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46736}
- smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp (Paulo Alcantara) [RHEL-79342]

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_aarch64_appstream
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.40.1.el9_5.aarch64.rpm	6b4e226a2da022ea3b198674294d3dcf5d1588283a8eb8d99767ee49fb56cc4e	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.40.1.el9_5.aarch64.rpm	6b4e226a2da022ea3b198674294d3dcf5d1588283a8eb8d99767ee49fb56cc4e	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.40.1.el9_5.aarch64.rpm	42d96ed3eb985af7fb881c254a44a75f25c99cafbf540b4456724d42f97d9a7b	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.40.1.el9_5.aarch64.rpm	1269a854a0759a8a4c83c37754987555aaa13f10e64173c98a89c561b0751669	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.40.1.el9_5.aarch64.rpm	696157907575ec38f0c5a439c6e1f96eaa718252b37ef46910be8afd7495833d	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.40.1.el9_5.aarch64.rpm	696157907575ec38f0c5a439c6e1f96eaa718252b37ef46910be8afd7495833d	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.40.1.el9_5.aarch64.rpm	fce58e74113c622cc93299bbcf4bc98b5f55ac1ef4e8e551a1638c6f3dc39556	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.40.1.el9_5.aarch64.rpm	fce58e74113c622cc93299bbcf4bc98b5f55ac1ef4e8e551a1638c6f3dc39556	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.aarch64.rpm	492cd5f7e61a67453fde865d3a9a97daf4849a7f72a2b034a7543f9e195a2179	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.40.1.el9_5.aarch64.rpm	d5644c2425f34476818457bbe41418cea96e0fdc8d6a77a83df90f26fbf23457	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.40.1.el9_5.aarch64.rpm	76b405953128437687fb1d87c1311304aed2ffa8bb5c81e30efb45b06454ed54	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.40.1.el9_5.aarch64.rpm	76b405953128437687fb1d87c1311304aed2ffa8bb5c81e30efb45b06454ed54	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.40.1.el9_5.aarch64.rpm	c398db29040f46ce39d85ba7f5f9ba028e484f542400239db2bfea6efc5d2eb6	-	ol9_aarch64_appstream
	rv-5.14.0-503.40.1.el9_5.aarch64.rpm	d34bac80ea8242aed4752047e6ad35f7354be05928acdb74934810921c6b0ed5	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_x86_64_appstream
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.40.1.el9_5.src.rpm	f4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm	7af20ead16d139d46538cbe1479fb9f64fe61e42c0231b376d29d502c7e8dee4	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm	7af20ead16d139d46538cbe1479fb9f64fe61e42c0231b376d29d502c7e8dee4	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.40.1.el9_5.x86_64.rpm	0aebdaf110ed144365d8b5ae22012a62f7dd0e7116f3efc4197456d45f23f7b4	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.40.1.el9_5.x86_64.rpm	0aebdaf110ed144365d8b5ae22012a62f7dd0e7116f3efc4197456d45f23f7b4	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm	245efa43e69cee5adff9a1b913a32d6b803d512e4843fa611b87da997b6ebe0c	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm	245efa43e69cee5adff9a1b913a32d6b803d512e4843fa611b87da997b6ebe0c	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm	2e17fbc4e1b0a451c4bf0811465715c3a89adea8ac8ba97cbb812997956aa682	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm	2e17fbc4e1b0a451c4bf0811465715c3a89adea8ac8ba97cbb812997956aa682	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.40.1.el9_5.x86_64.rpm	018cb83414c31b58c1e65992ead7f001440f113828b1bca4327bbd6f4755d536	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm	4dab6f867029c476e87a70ea5b88444fbf2e2582c9b8fa7eb924449ef627a7df	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm	4dab6f867029c476e87a70ea5b88444fbf2e2582c9b8fa7eb924449ef627a7df	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpm	a18750ffff545767bcdc799a02c425a53fdc5fcc24a20b7804dbfb5d6a1581c9	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpm	a18750ffff545767bcdc799a02c425a53fdc5fcc24a20b7804dbfb5d6a1581c9	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.40.1.el9_5.x86_64.rpm	8ef9963e2fc0fcfdc227003db1f7369fa5529cf0d00912ac0e913cd56d1603d8	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm	c91b0a95ffeeb150bd5ac995262af7b2e451641b02d873cc1fc2c55ba6188d28	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm	079b22fbcc31e6f9673599c437380c1b5db6edded787740c0da12b10ac711de4	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm	079b22fbcc31e6f9673599c437380c1b5db6edded787740c0da12b10ac711de4	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm	b227cdb8b7ae63ca7693b508645984ba353f4c58fb6faa43ff94f01938594c61	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm	b227cdb8b7ae63ca7693b508645984ba353f4c58fb6faa43ff94f01938594c61	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm	8781671be7f88a91c6bc8e9739242d3d233fc536579ec70378aa889329c313bf	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm	8781671be7f88a91c6bc8e9739242d3d233fc536579ec70378aa889329c313bf	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm	64fd917c39b1a13af892a8cc28b895c7ff2e6f5b1376eac3530f13a1cbd0871a	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm	64fd917c39b1a13af892a8cc28b895c7ff2e6f5b1376eac3530f13a1cbd0871a	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.40.1.el9_5.x86_64.rpm	066c5aa0049decf88763549f0b79141c56e4a00a9679081021ef086a313fe2ce	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm	3a0c2a70f7bcb9ed2c36c1e51baed4b1f5794daa7fd8fa92df4a4a8fe3ef486b	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.40.1.el9_5.noarch.rpm	3620209d0c5a03016e03073e08b830f8b71fd39306755b1ebddc469db3f44558	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.40.1.el9_5.x86_64.rpm	aa228663b19644fc46e6abb3254a8b9fccb546a52760e1a26fe118d63203c6c5	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpm	c08e12e55f6eab00cae1a791683472539d09b829371c12ca69732e61d9025f49	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpm	c08e12e55f6eab00cae1a791683472539d09b829371c12ca69732e61d9025f49	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm	c87456c8b0ca614cc4b94192f6d93d18d5105af1c7e3a55e49c13b5d92a821ae	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm	c87456c8b0ca614cc4b94192f6d93d18d5105af1c7e3a55e49c13b5d92a821ae	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm	fc1d62c5dd9e86cd71a45388274de190b8ad7c905cb510db8025faa299a5cef5	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm	fc1d62c5dd9e86cd71a45388274de190b8ad7c905cb510db8025faa299a5cef5	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpm	a503ede62070d8ecdc75a7fa241e0c8c4485228b9fc6e93d08afe678b2a0155a	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpm	a503ede62070d8ecdc75a7fa241e0c8c4485228b9fc6e93d08afe678b2a0155a	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpm	a0030d643f36783b101a6bbcdb5f637e92bc222abcb6ddc7d9f40ba1794df440	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpm	a0030d643f36783b101a6bbcdb5f637e92bc222abcb6ddc7d9f40ba1794df440	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.x86_64.rpm	3f4b386a352062f0ba2462e60bcfb9762b7e7a09b7445a9a274b3fcea5d27503	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm	ffb5c140b754406668aa4d3dce0e5a623b315b51b81522ddaefea698e66c01a7	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm	ffb5c140b754406668aa4d3dce0e5a623b315b51b81522ddaefea698e66c01a7	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpm	e3530380ce6b344b8c56c7ca0307c848b4a672a71d05331586f59dc96efc60df	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpm	e3530380ce6b344b8c56c7ca0307c848b4a672a71d05331586f59dc96efc60df	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.40.1.el9_5.x86_64.rpm	2baf470af013bf66d1e5ca9824679b26299883b26569b0459c9dc8d17ed061b9	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.40.1.el9_5.x86_64.rpm	a42e57d4fae6f87e0505a36a57927bea4bc9e87e0900bd6e632716db4cb4ef6b	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm	1ed92234f303b098dd981406220c849838cb97b572330be23dfa406dea49d88b	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm	1ed92234f303b098dd981406220c849838cb97b572330be23dfa406dea49d88b	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.40.1.el9_5.x86_64.rpm	d80bb20eebb7d053312593431bae0d6b7e92dda4061bb967102dc013d7e05e4d	-	ol9_x86_64_appstream
	rv-5.14.0-503.40.1.el9_5.x86_64.rpm	c4f296672ae12b33e237e855c1d69fa2bc47f749c72705d982501a0623d8c60d	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691