ELSA-2025-4341

ELSA-2025-4341 - kernel security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2025-04-30

Description


[5.14.0-503.40.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.40.1_5]
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-87479] {CVE-2025-21927}
- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-75438] {CVE-2024-42322}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (CKI Backport Bot) [RHEL-75453] {CVE-2024-44990}
- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85523]
- bonding: Correctly support GSO ESP offload (CKI Backport Bot) [RHEL-73403]
- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73403]
- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73403]
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73403]
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73403]
- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73403]
- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73403]
- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73403]
- netfilter: br_netfilter: fix panic with metadata_dst skb (Ivan Vecera) [RHEL-71956]
- bridge: mcast: Fail MDB get request on empty entry (Ivan Vecera) [RHEL-71956]
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (Jose Ignacio Tornos Martinez) [RHEL-73478]
- kobject_uevent: Fix OOB access within zap_modalias_env() (CKI KWF BOT) [RHEL-75435] {CVE-2024-42292}

[5.14.0-503.39.1_5]
- igb: cope with large MAX_SKB_FRAGS (Corinna Vinschen) [RHEL-75552]
- x86/sev: Ensure that RMP table fixups are reserved (Bandan Das) [RHEL-84716]
- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-75456] {CVE-2024-46826}
- smb: client: fix double put of @cfile in smb2_set_path_size() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46796}
- smb: client: fix double put of @cfile in smb2_rename_path() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46736}
- smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp (Paulo Alcantara) [RHEL-79342]


Related CVEs


CVE-2025-21927
CVE-2024-44990
CVE-2024-42292
CVE-2024-42322
CVE-2024-46826

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_aarch64_appstream
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_aarch64_baseos_latest
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_aarch64_codeready_builder
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_aarch64_u5_baseos_patch
bpftool-7.4.0-503.40.1.el9_5.aarch64.rpm6b4e226a2da022ea3b198674294d3dcf5d1588283a8eb8d99767ee49fb56cc4e-ol9_aarch64_baseos_latest
bpftool-7.4.0-503.40.1.el9_5.aarch64.rpm6b4e226a2da022ea3b198674294d3dcf5d1588283a8eb8d99767ee49fb56cc4e-ol9_aarch64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.40.1.el9_5.aarch64.rpm42d96ed3eb985af7fb881c254a44a75f25c99cafbf540b4456724d42f97d9a7b-ol9_aarch64_codeready_builder
kernel-headers-5.14.0-503.40.1.el9_5.aarch64.rpm1269a854a0759a8a4c83c37754987555aaa13f10e64173c98a89c561b0751669-ol9_aarch64_appstream
kernel-tools-5.14.0-503.40.1.el9_5.aarch64.rpm696157907575ec38f0c5a439c6e1f96eaa718252b37ef46910be8afd7495833d-ol9_aarch64_baseos_latest
kernel-tools-5.14.0-503.40.1.el9_5.aarch64.rpm696157907575ec38f0c5a439c6e1f96eaa718252b37ef46910be8afd7495833d-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.40.1.el9_5.aarch64.rpmfce58e74113c622cc93299bbcf4bc98b5f55ac1ef4e8e551a1638c6f3dc39556-ol9_aarch64_baseos_latest
kernel-tools-libs-5.14.0-503.40.1.el9_5.aarch64.rpmfce58e74113c622cc93299bbcf4bc98b5f55ac1ef4e8e551a1638c6f3dc39556-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.aarch64.rpm492cd5f7e61a67453fde865d3a9a97daf4849a7f72a2b034a7543f9e195a2179-ol9_aarch64_codeready_builder
perf-5.14.0-503.40.1.el9_5.aarch64.rpmd5644c2425f34476818457bbe41418cea96e0fdc8d6a77a83df90f26fbf23457-ol9_aarch64_appstream
python3-perf-5.14.0-503.40.1.el9_5.aarch64.rpm76b405953128437687fb1d87c1311304aed2ffa8bb5c81e30efb45b06454ed54-ol9_aarch64_baseos_latest
python3-perf-5.14.0-503.40.1.el9_5.aarch64.rpm76b405953128437687fb1d87c1311304aed2ffa8bb5c81e30efb45b06454ed54-ol9_aarch64_u5_baseos_patch
rtla-5.14.0-503.40.1.el9_5.aarch64.rpmc398db29040f46ce39d85ba7f5f9ba028e484f542400239db2bfea6efc5d2eb6-ol9_aarch64_appstream
rv-5.14.0-503.40.1.el9_5.aarch64.rpmd34bac80ea8242aed4752047e6ad35f7354be05928acdb74934810921c6b0ed5-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_x86_64_appstream
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_x86_64_baseos_latest
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_x86_64_codeready_builder
kernel-5.14.0-503.40.1.el9_5.src.rpmf4a2ee2d313fa852c35718f814a9b5f7c50f333ee721132e789d307d2e1ee4e8-ol9_x86_64_u5_baseos_patch
bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm7af20ead16d139d46538cbe1479fb9f64fe61e42c0231b376d29d502c7e8dee4-ol9_x86_64_baseos_latest
bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm7af20ead16d139d46538cbe1479fb9f64fe61e42c0231b376d29d502c7e8dee4-ol9_x86_64_u5_baseos_patch
kernel-5.14.0-503.40.1.el9_5.x86_64.rpm0aebdaf110ed144365d8b5ae22012a62f7dd0e7116f3efc4197456d45f23f7b4-ol9_x86_64_baseos_latest
kernel-5.14.0-503.40.1.el9_5.x86_64.rpm0aebdaf110ed144365d8b5ae22012a62f7dd0e7116f3efc4197456d45f23f7b4-ol9_x86_64_u5_baseos_patch
kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm245efa43e69cee5adff9a1b913a32d6b803d512e4843fa611b87da997b6ebe0c-ol9_x86_64_baseos_latest
kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm245efa43e69cee5adff9a1b913a32d6b803d512e4843fa611b87da997b6ebe0c-ol9_x86_64_u5_baseos_patch
kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm2e17fbc4e1b0a451c4bf0811465715c3a89adea8ac8ba97cbb812997956aa682-ol9_x86_64_baseos_latest
kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm2e17fbc4e1b0a451c4bf0811465715c3a89adea8ac8ba97cbb812997956aa682-ol9_x86_64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.40.1.el9_5.x86_64.rpm018cb83414c31b58c1e65992ead7f001440f113828b1bca4327bbd6f4755d536-ol9_x86_64_codeready_builder
kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm4dab6f867029c476e87a70ea5b88444fbf2e2582c9b8fa7eb924449ef627a7df-ol9_x86_64_baseos_latest
kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm4dab6f867029c476e87a70ea5b88444fbf2e2582c9b8fa7eb924449ef627a7df-ol9_x86_64_u5_baseos_patch
kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpma18750ffff545767bcdc799a02c425a53fdc5fcc24a20b7804dbfb5d6a1581c9-ol9_x86_64_baseos_latest
kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpma18750ffff545767bcdc799a02c425a53fdc5fcc24a20b7804dbfb5d6a1581c9-ol9_x86_64_u5_baseos_patch
kernel-debug-devel-5.14.0-503.40.1.el9_5.x86_64.rpm8ef9963e2fc0fcfdc227003db1f7369fa5529cf0d00912ac0e913cd56d1603d8-ol9_x86_64_appstream
kernel-debug-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpmc91b0a95ffeeb150bd5ac995262af7b2e451641b02d873cc1fc2c55ba6188d28-ol9_x86_64_appstream
kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm079b22fbcc31e6f9673599c437380c1b5db6edded787740c0da12b10ac711de4-ol9_x86_64_baseos_latest
kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm079b22fbcc31e6f9673599c437380c1b5db6edded787740c0da12b10ac711de4-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpmb227cdb8b7ae63ca7693b508645984ba353f4c58fb6faa43ff94f01938594c61-ol9_x86_64_baseos_latest
kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpmb227cdb8b7ae63ca7693b508645984ba353f4c58fb6faa43ff94f01938594c61-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm8781671be7f88a91c6bc8e9739242d3d233fc536579ec70378aa889329c313bf-ol9_x86_64_baseos_latest
kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm8781671be7f88a91c6bc8e9739242d3d233fc536579ec70378aa889329c313bf-ol9_x86_64_u5_baseos_patch
kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm64fd917c39b1a13af892a8cc28b895c7ff2e6f5b1376eac3530f13a1cbd0871a-ol9_x86_64_baseos_latest
kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm64fd917c39b1a13af892a8cc28b895c7ff2e6f5b1376eac3530f13a1cbd0871a-ol9_x86_64_u5_baseos_patch
kernel-devel-5.14.0-503.40.1.el9_5.x86_64.rpm066c5aa0049decf88763549f0b79141c56e4a00a9679081021ef086a313fe2ce-ol9_x86_64_appstream
kernel-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm3a0c2a70f7bcb9ed2c36c1e51baed4b1f5794daa7fd8fa92df4a4a8fe3ef486b-ol9_x86_64_appstream
kernel-doc-5.14.0-503.40.1.el9_5.noarch.rpm3620209d0c5a03016e03073e08b830f8b71fd39306755b1ebddc469db3f44558-ol9_x86_64_appstream
kernel-headers-5.14.0-503.40.1.el9_5.x86_64.rpmaa228663b19644fc46e6abb3254a8b9fccb546a52760e1a26fe118d63203c6c5-ol9_x86_64_appstream
kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpmc08e12e55f6eab00cae1a791683472539d09b829371c12ca69732e61d9025f49-ol9_x86_64_baseos_latest
kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpmc08e12e55f6eab00cae1a791683472539d09b829371c12ca69732e61d9025f49-ol9_x86_64_u5_baseos_patch
kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpmc87456c8b0ca614cc4b94192f6d93d18d5105af1c7e3a55e49c13b5d92a821ae-ol9_x86_64_baseos_latest
kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpmc87456c8b0ca614cc4b94192f6d93d18d5105af1c7e3a55e49c13b5d92a821ae-ol9_x86_64_u5_baseos_patch
kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpmfc1d62c5dd9e86cd71a45388274de190b8ad7c905cb510db8025faa299a5cef5-ol9_x86_64_baseos_latest
kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpmfc1d62c5dd9e86cd71a45388274de190b8ad7c905cb510db8025faa299a5cef5-ol9_x86_64_u5_baseos_patch
kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpma503ede62070d8ecdc75a7fa241e0c8c4485228b9fc6e93d08afe678b2a0155a-ol9_x86_64_baseos_latest
kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpma503ede62070d8ecdc75a7fa241e0c8c4485228b9fc6e93d08afe678b2a0155a-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpma0030d643f36783b101a6bbcdb5f637e92bc222abcb6ddc7d9f40ba1794df440-ol9_x86_64_baseos_latest
kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpma0030d643f36783b101a6bbcdb5f637e92bc222abcb6ddc7d9f40ba1794df440-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.x86_64.rpm3f4b386a352062f0ba2462e60bcfb9762b7e7a09b7445a9a274b3fcea5d27503-ol9_x86_64_codeready_builder
kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpmffb5c140b754406668aa4d3dce0e5a623b315b51b81522ddaefea698e66c01a7-ol9_x86_64_baseos_latest
kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpmffb5c140b754406668aa4d3dce0e5a623b315b51b81522ddaefea698e66c01a7-ol9_x86_64_u5_baseos_patch
kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpme3530380ce6b344b8c56c7ca0307c848b4a672a71d05331586f59dc96efc60df-ol9_x86_64_baseos_latest
kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpme3530380ce6b344b8c56c7ca0307c848b4a672a71d05331586f59dc96efc60df-ol9_x86_64_u5_baseos_patch
libperf-5.14.0-503.40.1.el9_5.x86_64.rpm2baf470af013bf66d1e5ca9824679b26299883b26569b0459c9dc8d17ed061b9-ol9_x86_64_codeready_builder
perf-5.14.0-503.40.1.el9_5.x86_64.rpma42e57d4fae6f87e0505a36a57927bea4bc9e87e0900bd6e632716db4cb4ef6b-ol9_x86_64_appstream
python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm1ed92234f303b098dd981406220c849838cb97b572330be23dfa406dea49d88b-ol9_x86_64_baseos_latest
python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm1ed92234f303b098dd981406220c849838cb97b572330be23dfa406dea49d88b-ol9_x86_64_u5_baseos_patch
rtla-5.14.0-503.40.1.el9_5.x86_64.rpmd80bb20eebb7d053312593431bae0d6b7e92dda4061bb967102dc013d7e05e4d-ol9_x86_64_appstream
rv-5.14.0-503.40.1.el9_5.x86_64.rpmc4f296672ae12b33e237e855c1d69fa2bc47f749c72705d982501a0623d8c60d-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete