ELSA-2025-7423

ULN >
Oracle Linux Errata repository >
ELSA-2025-7423

ELSA-2025-7423 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-05-22

Description

[5.14.0-570.16.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-570.16.1_6]
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Jared Kangas) [RHEL-88252] {CVE-2024-58007}
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Jared Kangas) [RHEL-88252]
- soc: qcom: Add check devm_kasprintf() returned value (Jared Kangas) [RHEL-88252]

[5.14.0-570.15.1_6]
- ice: ensure periodic output start time is in the future (Petr Oros) [RHEL-86021]
- ice: fix PHY Clock Recovery availability check (Petr Oros) [RHEL-86021]
- ice: Drop auxbus use for PTP to finalize ice_adapter move (Petr Oros) [RHEL-86021]
- ice: Use ice_adapter for PTP shared data instead of auxdev (Petr Oros) [RHEL-86021]
- ice: Initial support for E825C hardware in ice_adapter (Petr Oros) [RHEL-86021]
- ice: Add ice_get_ctrl_ptp() wrapper to simplify the code (Petr Oros) [RHEL-86021]
- ice: Introduce ice_get_phy_model() wrapper (Petr Oros) [RHEL-86021]
- ice: Enable 1PPS out from CGU for E825C products (Petr Oros) [RHEL-86021]
- ice: Read SDP section from NVM for pin definitions (Petr Oros) [RHEL-86021]
- ice: Disable shared pin on E810 on setfunc (Petr Oros) [RHEL-86021]
- ice: Cache perout/extts requests and check flags (Petr Oros) [RHEL-86021]
- ice: Align E810T GPIO to other products (Petr Oros) [RHEL-86021]
- ice: Add SDPs support for E825C (Petr Oros) [RHEL-86021]
- ice: Implement ice_ptp_pin_desc (Petr Oros) [RHEL-86021]

[5.14.0-570.14.1_6]
- smb: client: fix regression with guest option (Paulo Alcantara) [RHEL-83859]
- io_uring/sqpoll: zero sqd->thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633}
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993}
- certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247]
- certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247]
- certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247]
- KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247]
- crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247]
- New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247]
- certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247]
- certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247]
- tpm: Change to kvalloc() in eventlog/acpi.c (Stepan Horacek) [RHEL-82147] {CVE-2024-58005}

[5.14.0-570.13.1_6]
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049]
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942]
- net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942]
- net: mana: cleanup mana struct after debugfs_remove() (Maxim Levitsky) [RHEL-85942]
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942]
- net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942]
- net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942]
- net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942]
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942]
- net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942]
- net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942]
- ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557]
- ice: init flow director before RDMA (Petr Oros) [RHEL-80557]
- ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557]
- ice: enable_rdma devlink param (Petr Oros) [RHEL-80557]
- ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557]
- ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557]
- ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557]
- ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557]
- ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557]
- ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557]
- ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557]
- ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557]
- ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557]
- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524]
- cgroup: Remove steal time from usage_usec (Waiman Long) [RHEL-85398]
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_aarch64_appstream
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_aarch64_u6_baseos_patch
	kernel-cross-headers-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	5b9625f62460572b804f1d5a8c41b2282b0ea22c22301e663e98d938c0fe6523	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	e431c8b9b0fb2d7e25cd26daedfbe922137465834cee4eb68403ae3ba88ca81a	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	762c836f5e86b5ae358b1643e147099daeccbddce242a3aba2e2f5af5b941299	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	762c836f5e86b5ae358b1643e147099daeccbddce242a3aba2e2f5af5b941299	-	ol9_aarch64_u6_baseos_patch
	kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	ba5972e7eee6951cdd2f36ff26adc5021a1e287b6188c3d6bbe09a8fe1c0f0ad	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	ba5972e7eee6951cdd2f36ff26adc5021a1e287b6188c3d6bbe09a8fe1c0f0ad	-	ol9_aarch64_u6_baseos_patch
	kernel-tools-libs-devel-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	9cfb3a00ac1889d85f48c885ec991502bcb93aa7b24eec2a72fe6b1c41d5d235	-	ol9_aarch64_codeready_builder
	perf-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	8f258c1f4b786978ec1ebce5d6d34cacfddc179b2b58b08cec6781df6faf8ece	-	ol9_aarch64_appstream
	python3-perf-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	6f576c4f070edd01920d00ff05e6d3a8ab3e4882d9aea29fe7c30c92ae41d644	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	6f576c4f070edd01920d00ff05e6d3a8ab3e4882d9aea29fe7c30c92ae41d644	-	ol9_aarch64_u6_baseos_patch
	rtla-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	632665b460adeb7c3ed5122c17d17326d21c0e2803f100d12099eda80b882c63	-	ol9_aarch64_appstream
	rv-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm	fce4e4a4eb516d797b06e95d8b7edfd19c0c1f8b75150ee721a7b33d0b846507	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_x86_64_appstream
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm	3e5a4cfc207fdcb084cee52a48bd35ef1d253b15ca4e0e161b79bfa6810392c5	-	ol9_x86_64_u6_baseos_patch
	kernel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	90df365f0f4ea7ab364bb0373f96c24de64cf9ad45cb1c994c3a1e28a78bdd68	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	90df365f0f4ea7ab364bb0373f96c24de64cf9ad45cb1c994c3a1e28a78bdd68	-	ol9_x86_64_u6_baseos_patch
	kernel-abi-stablelists-5.14.0-570.16.1.0.1.el9_6.noarch.rpm	96fabe3a43818b386642b79138fe71ab3ed3543322091644c28a47ca8cfffd61	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-570.16.1.0.1.el9_6.noarch.rpm	96fabe3a43818b386642b79138fe71ab3ed3543322091644c28a47ca8cfffd61	-	ol9_x86_64_u6_baseos_patch
	kernel-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	33e6e5cd5060d553b995ba9fc611a0d48e971c5d2c4be1ddca8ab2d807bbea0f	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	33e6e5cd5060d553b995ba9fc611a0d48e971c5d2c4be1ddca8ab2d807bbea0f	-	ol9_x86_64_u6_baseos_patch
	kernel-cross-headers-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	d2d6deb36b4fe87450c0202f041473c8f6d524f2437a00a2b28f8c0e6c64fdaf	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	d990b3fc4dbb56096dc1fcc5d951857a0b86fa9a5677c408c76a209fd7862c3f	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	d990b3fc4dbb56096dc1fcc5d951857a0b86fa9a5677c408c76a209fd7862c3f	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	20cfd60007b279fdd2f50968f38f4fd4cdfdaa524d6b677c889bd9700b1954ae	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	20cfd60007b279fdd2f50968f38f4fd4cdfdaa524d6b677c889bd9700b1954ae	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	b7a1c7016699de013f394f10698abaf7d6cd4be0b80ff5e4eb5ebdf28a0ef845	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	803f77e1055658363b52c7481ff7484644fbd59ba3338c836b7eb5f6bf9e30cb	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	fdc3ade6cf93b6dfbe5c7c48e2a33e81191eb4c72b8232e8a524600c8d1d7b0b	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	fdc3ade6cf93b6dfbe5c7c48e2a33e81191eb4c72b8232e8a524600c8d1d7b0b	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	ca827636fc3d274de23d68c6a6ffa5514fc2f2efac3888cd19733f0f0149062b	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	ca827636fc3d274de23d68c6a6ffa5514fc2f2efac3888cd19733f0f0149062b	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	687983391b41e535647b157c6fba8e594a4ffabfc62533574862dbf3506967c4	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	687983391b41e535647b157c6fba8e594a4ffabfc62533574862dbf3506967c4	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	ff025ef4cf813da34acbcc875b120af52bdd2f3cf27392ec64b55c1457320df5	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	ff025ef4cf813da34acbcc875b120af52bdd2f3cf27392ec64b55c1457320df5	-	ol9_x86_64_u6_baseos_patch
	kernel-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	6c89059c6a4b9f091a0163b3ba5cec267c3460f8f6b87c20f8c201cb8ba87d01	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	c7a01c4094a3b70eaf962aba1eecae83994c7d86f8be88bbb6cde2a0f9aa2d54	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-570.16.1.0.1.el9_6.noarch.rpm	910c5e723e1386328c23993fe50e49330b6da259b0d9ae45d5d1adefe7a6b364	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	c5f1b177a5b08cfbf9531b61ab96cbb99e0e2e41b30da640de5810d0cd0a5b4d	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	d91b4e9005bc2ac86c0a2f99cca9cd77a51964aa0055ac016d0df5381720a4a1	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	d91b4e9005bc2ac86c0a2f99cca9cd77a51964aa0055ac016d0df5381720a4a1	-	ol9_x86_64_u6_baseos_patch
	kernel-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	da4eca3b42d94fbc38163c1f139024c22ab3bd7dfa7c17816f05bbf19204ba72	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	da4eca3b42d94fbc38163c1f139024c22ab3bd7dfa7c17816f05bbf19204ba72	-	ol9_x86_64_u6_baseos_patch
	kernel-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	604165762685b5cb11375587aa2ca7ea4a876f748b450d3cc5936899e2e4b74a	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	604165762685b5cb11375587aa2ca7ea4a876f748b450d3cc5936899e2e4b74a	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	22c6fd415afbca3518ee16a00d258d18d1e6942a616310c4a7e57f93af986d23	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	22c6fd415afbca3518ee16a00d258d18d1e6942a616310c4a7e57f93af986d23	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	29f3013e2c25f2bad1758d3afad43788cdd1007d8132cdaf9c7b910345eda7c8	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	29f3013e2c25f2bad1758d3afad43788cdd1007d8132cdaf9c7b910345eda7c8	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-libs-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	65704cd4277a49c0ad91e1f95bf8bc154126258ac3f3f7db916a5ef6c7b5da75	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	806368978f45bf2087a3d5540e957339e2b20aad276d635d01b515b9c900d94b	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	806368978f45bf2087a3d5540e957339e2b20aad276d635d01b515b9c900d94b	-	ol9_x86_64_u6_baseos_patch
	kernel-uki-virt-addons-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	fb49854cae8dd9c32ee3434eb02f4ac12b0cf78435dcc149c6162585e5c3ffe2	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	fb49854cae8dd9c32ee3434eb02f4ac12b0cf78435dcc149c6162585e5c3ffe2	-	ol9_x86_64_u6_baseos_patch
	libperf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	96a775342c13483dd103394244afe5ac9e2ea8cea66ac4c4c1e6698ac06eebf2	-	ol9_x86_64_codeready_builder
	perf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	4ed8e00b96b709a054fce0724cf2143ee59e07d3896b9956b6e9c607a8e7a433	-	ol9_x86_64_appstream
	python3-perf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	c0842446fbab84833bcfedb672a883d6414180f6e3fe7edce8699c9cf1d2a943	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	c0842446fbab84833bcfedb672a883d6414180f6e3fe7edce8699c9cf1d2a943	-	ol9_x86_64_u6_baseos_patch
	rtla-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	a44293b048b2c6872d32d9ef61ec3cefe85c9277dc26df581783db94aa929327	-	ol9_x86_64_appstream
	rv-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm	58144040b92806f3b44e2c89c10b3e7a2944c1bfd21c1a8285e8796016589eb5	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691