ELSA-2025-9580

ULN >
Oracle Linux Errata repository >
ELSA-2025-9580

ELSA-2025-9580 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-06-25

Description

[4.18.0-553.58.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.58.1_10]
- ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: add dev_net_rcu() helper (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Xin Long) [RHEL-89535]
- idpf: check error for register_netdev() on init (Michal Schmidt) [RHEL-71182] {CVE-2025-22116}
- idpf: avoid mailbox timeout delays during reset (Michal Schmidt) [RHEL-71182]
- idpf: fix a race in txq wakeup (Michal Schmidt) [RHEL-71182]
- idpf: fix idpf_vport_splitq_napi_poll() (Michal Schmidt) [RHEL-71182]
- idpf: fix null-ptr-deref in idpf_features_check (Michal Schmidt) [RHEL-71182]
- idpf: protect shutdown from reset (Michal Schmidt) [RHEL-71182]
- idpf: fix potential memory leak on kcalloc() failure (Michal Schmidt) [RHEL-71182]
- idpf: fix offloads support for encapsulated packets (Michal Schmidt) [RHEL-71182]
- idpf: fix adapter NULL pointer dereference on reboot (Michal Schmidt) [RHEL-71182] {CVE-2025-22065}
- idpf: fix checksums set in idpf_rx_rsc() (Michal Schmidt) [RHEL-71182] {CVE-2025-21890}
- idpf: fix handling rsc packet with a single segment (Michal Schmidt) [RHEL-71182]
- idpf: add more info during virtchnl transaction timeout/salt mismatch (Michal Schmidt) [RHEL-71182]
- idpf: convert workqueues to unbound (Michal Schmidt) [RHEL-71182] {CVE-2024-58057}
- idpf: Acquire the lock before accessing the xn->salt (Michal Schmidt) [RHEL-71182]
- idpf: fix transaction timeouts on reset (Michal Schmidt) [RHEL-71182]
- idpf: add read memory barrier when checking descriptor done bit (Michal Schmidt) [RHEL-71182]
- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-71182]
- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-71182]
- idpf: call set_real_num_queues in idpf_open (Michal Schmidt) [RHEL-71182 RHEL-90849]
- idpf: fix idpf_vc_core_init error path (Michal Schmidt) [RHEL-68233 RHEL-71182 RHEL-90846] {CVE-2024-53064}
- idpf: avoid vport access in idpf_get_link_ksettings (Michal Schmidt) [RHEL-71182 RHEL-90846] {CVE-2024-50274}
- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-71182]
- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-71182] {CVE-2024-44932}
- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-71182]
- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-71182] {CVE-2024-44964}
- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-71182]
- redhat/configs: set CONFIG_IDPF_SINGLEQ as disabled (Michal Schmidt) [RHEL-71182]
- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-71182]
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (Michal Schmidt) [RHEL-71182]
- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-71182]
- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-71182]
- net: remove gfp_mask from napi_alloc_skb() [idpf] (Michal Schmidt) [RHEL-71182]
- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-71182]
- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-71182]
- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-71182]
- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-71182]
- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-95783]
- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-95783]
- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-95783]
- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-95783]
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Mete Durlu) [RHEL-95783]
- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-95783]
- s390/pci: Fix potential double remove of hotplug slot (Mete Durlu) [RHEL-95783]
- s390/pci: remove hotplug slot when releasing the device (Mete Durlu) [RHEL-95783]
- s390/pci: introduce lock to synchronize state of zpci_dev's (Mete Durlu) [RHEL-95783]
- s390/pci: rename lock member in struct zpci_dev (Mete Durlu) [RHEL-95783]

[4.18.0-553.57.1_10]
- smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) [RHEL-55825]
- cifs: fix double free race when mount fails in cifs_get_root() (Paulo Alcantara) [RHEL-55825] {CVE-2022-48919}
- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-68090] {CVE-2024-50301}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-553.58.1.el8_10.src.rpm	1a433f5db15d64307146032d7a03b23c2680a5391f0b1471495d989b1d1ffe50	-	ol8_x86_64_u10_baseos_patch
	bpftool-4.18.0-553.58.1.el8_10.x86_64.rpm	93fa8b6d8c914eb5bbecbb58a9d7ae7d60a4d77359eb7ea2b0e7c41db1d03d52	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-553.58.1.el8_10.x86_64.rpm	93fa8b6d8c914eb5bbecbb58a9d7ae7d60a4d77359eb7ea2b0e7c41db1d03d52	-	ol8_x86_64_u10_baseos_patch
	kernel-4.18.0-553.58.1.el8_10.x86_64.rpm	259b708c253d35751db4c2d424c018f307902cf9cbff7f4d654a70d4aa053105	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.58.1.el8_10.x86_64.rpm	259b708c253d35751db4c2d424c018f307902cf9cbff7f4d654a70d4aa053105	-	ol8_x86_64_u10_baseos_patch
	kernel-abi-stablelists-4.18.0-553.58.1.el8_10.noarch.rpm	7fd7138beda59e70a8f7ed391fbeead95543d669665d541622b42b1076cb2217	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-553.58.1.el8_10.noarch.rpm	7fd7138beda59e70a8f7ed391fbeead95543d669665d541622b42b1076cb2217	-	ol8_x86_64_u10_baseos_patch
	kernel-core-4.18.0-553.58.1.el8_10.x86_64.rpm	f3d6b6d439eeff3003a67958941b9c36f61d3c4e3508c55f1363c3e9849a8088	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-553.58.1.el8_10.x86_64.rpm	f3d6b6d439eeff3003a67958941b9c36f61d3c4e3508c55f1363c3e9849a8088	-	ol8_x86_64_u10_baseos_patch
	kernel-cross-headers-4.18.0-553.58.1.el8_10.x86_64.rpm	9b7dcc499adfee4072d9d620b48ec3c071e14c3e746fd308956f54040c66e483	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-553.58.1.el8_10.x86_64.rpm	9b7dcc499adfee4072d9d620b48ec3c071e14c3e746fd308956f54040c66e483	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-4.18.0-553.58.1.el8_10.x86_64.rpm	3b4832ba2f4cc784a16fac5128e3a151b440805dae65092db0728301b89c553a	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-553.58.1.el8_10.x86_64.rpm	3b4832ba2f4cc784a16fac5128e3a151b440805dae65092db0728301b89c553a	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-core-4.18.0-553.58.1.el8_10.x86_64.rpm	82db6d7e5fd1ec67ec0ad9b0ff1a890fec06f47139b41d3259e2a5e409b95b51	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-553.58.1.el8_10.x86_64.rpm	82db6d7e5fd1ec67ec0ad9b0ff1a890fec06f47139b41d3259e2a5e409b95b51	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-devel-4.18.0-553.58.1.el8_10.x86_64.rpm	79a44aca2354340c2071e0b92d9820f88e954dcb7f6d2ee130f2d7f22ce7816b	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-553.58.1.el8_10.x86_64.rpm	79a44aca2354340c2071e0b92d9820f88e954dcb7f6d2ee130f2d7f22ce7816b	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-4.18.0-553.58.1.el8_10.x86_64.rpm	bb994e7143cb2234a837e0775203e8ab16ca6396025e4bf67f696d75c878c893	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-553.58.1.el8_10.x86_64.rpm	bb994e7143cb2234a837e0775203e8ab16ca6396025e4bf67f696d75c878c893	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-extra-4.18.0-553.58.1.el8_10.x86_64.rpm	922991f5ef5deced9958b02e73dedb773bfbcc44c6885ed117764950ed4b1ae5	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-553.58.1.el8_10.x86_64.rpm	922991f5ef5deced9958b02e73dedb773bfbcc44c6885ed117764950ed4b1ae5	-	ol8_x86_64_u10_baseos_patch
	kernel-devel-4.18.0-553.58.1.el8_10.x86_64.rpm	c9e0f350a6e7dc38b241b89e5a655343a24c80da836879fe82dac5bcda7f0abe	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-553.58.1.el8_10.x86_64.rpm	c9e0f350a6e7dc38b241b89e5a655343a24c80da836879fe82dac5bcda7f0abe	-	ol8_x86_64_u10_baseos_patch
	kernel-doc-4.18.0-553.58.1.el8_10.noarch.rpm	46330f26cfd5e4be2b5f5b0e243fe72212309027163f45935fa471468ebd5a65	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-553.58.1.el8_10.noarch.rpm	46330f26cfd5e4be2b5f5b0e243fe72212309027163f45935fa471468ebd5a65	-	ol8_x86_64_u10_baseos_patch
	kernel-headers-4.18.0-553.58.1.el8_10.x86_64.rpm	7575c77bb3de885a362eec132266d4fb0a0b497f6c04b15510d172b64cb823c8	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-553.58.1.el8_10.x86_64.rpm	7575c77bb3de885a362eec132266d4fb0a0b497f6c04b15510d172b64cb823c8	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-4.18.0-553.58.1.el8_10.x86_64.rpm	f8bc43b071e88bc2e4717da94cf554aa8e77b939b6db4d2b794f7e0010a68016	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-553.58.1.el8_10.x86_64.rpm	f8bc43b071e88bc2e4717da94cf554aa8e77b939b6db4d2b794f7e0010a68016	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-extra-4.18.0-553.58.1.el8_10.x86_64.rpm	c66c1376f53a1b274ad5684446f1f7174f63c50d194892780eca14813277cf2b	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-553.58.1.el8_10.x86_64.rpm	c66c1376f53a1b274ad5684446f1f7174f63c50d194892780eca14813277cf2b	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-4.18.0-553.58.1.el8_10.x86_64.rpm	e011e85fd9f474e7c8e5bfeddaa859846c7b7d15ff87ba4233da4751f2ae1b67	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-553.58.1.el8_10.x86_64.rpm	e011e85fd9f474e7c8e5bfeddaa859846c7b7d15ff87ba4233da4751f2ae1b67	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-4.18.0-553.58.1.el8_10.x86_64.rpm	983b984b66212d103221211bd2048ae773cdbd7c2a1d4a3a67a6c8ba63f53c22	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-553.58.1.el8_10.x86_64.rpm	983b984b66212d103221211bd2048ae773cdbd7c2a1d4a3a67a6c8ba63f53c22	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-devel-4.18.0-553.58.1.el8_10.x86_64.rpm	10d46e3355433ec1dc44f5d3befb38f0da466d40260e9233f6d87fd11d21b4b4	-	ol8_x86_64_codeready_builder
	perf-4.18.0-553.58.1.el8_10.x86_64.rpm	c79f7094d5d73362720509bb84f8476f728e3a91cdb0ab6d24130837f0af1071	-	ol8_x86_64_baseos_latest
	perf-4.18.0-553.58.1.el8_10.x86_64.rpm	c79f7094d5d73362720509bb84f8476f728e3a91cdb0ab6d24130837f0af1071	-	ol8_x86_64_u10_baseos_patch
	python3-perf-4.18.0-553.58.1.el8_10.x86_64.rpm	ba1ce4ee95c9757775ef08afc3e30579d64f76fde13bea1a66178befe1c4e84a	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-553.58.1.el8_10.x86_64.rpm	ba1ce4ee95c9757775ef08afc3e30579d64f76fde13bea1a66178befe1c4e84a	-	ol8_x86_64_u10_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691