ELSA-2025-0059

ULN >
Oracle Linux Errata repository >
ELSA-2025-0059

ELSA-2025-0059 - kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2025-01-10

Description

[5.14.0-503.21.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.21.1_5]
- mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (CKI Backport Bot) [RHEL-66899] {CVE-2024-50252}
- CVE-2024-53122 mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (Patrick Talbert) [RHEL-70083 RHEL-69670] {CVE-2024-53122}
- mm: make show_free_areas() static (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- mm: remove arguments of show_mem() (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: gaccess: Check if guest address is in memslot (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/uv: Panic for set and remove shared access UVC errors (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: remove useless include (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests (Thomas Huth) [RHEL-67922 RHEL-65229]
- mm/userfaultfd: Do not place zeropages when zeropages are disallowed (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390: allow pte_offset_map_lock() to fail (Thomas Huth) [RHEL-67922 RHEL-54248]
- KVM: s390: vsie: Use virt_to_phys for crypto control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: vsie: Use virt_to_phys for facility control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Minor delete_work_func cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Allow immediate GLF_VERIFY_DELETE work (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-62105 RHEL-60945]
- gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- smb: client: fix use-after-free of signing key (Jay Shin) [RHEL-69306 RHEL-66206]
- net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-60300 RHEL-53992]
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (CKI Backport Bot) [RHEL-70294]

[5.14.0-503.20.1_5]
- bnxt_en: Add support for user configured RSS key (Michal Schmidt) [RHEL-68699 RHEL-54645]
- bnxt_en: Add function to calculate Toeplitz hash (Michal Schmidt) [RHEL-68699 RHEL-54645]
- kvm: Note an RCU quiescent state on guest exit (Leonardo Bras) [RHEL-65734 RHEL-20288]
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full OS jitter (Leonardo Bras) [RHEL-65734 RHEL-20288]
- context_tracking: Fix KCSAN noinstr violation (Leonardo Bras) [RHEL-65734 RHEL-20288]
- perf/aux: Fix AUX buffer serialization (Michael Petlan) [RHEL-67495] {CVE-2024-46713}
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Mohammad Heib) [RHEL-66669 RHEL-52759] {CVE-2024-50208}

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_aarch64_appstream
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.21.1.el9_5.aarch64.rpm	1d552269efd801ac8d57635c1d61ec6f	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.21.1.el9_5.aarch64.rpm	1d552269efd801ac8d57635c1d61ec6f	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.21.1.el9_5.aarch64.rpm	4d183fe4c32e85307b14a6ddc7bd3d2f	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.21.1.el9_5.aarch64.rpm	7eb2d88203deba3f96d90cd6e24ae709	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.21.1.el9_5.aarch64.rpm	60b5ce617eeb932789214cd7af9bb941	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.21.1.el9_5.aarch64.rpm	60b5ce617eeb932789214cd7af9bb941	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.21.1.el9_5.aarch64.rpm	9dc1448a263aa5a0576582247f1c2151	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.21.1.el9_5.aarch64.rpm	9dc1448a263aa5a0576582247f1c2151	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.aarch64.rpm	62aee5d18c9883e7c74385b477f368da	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.21.1.el9_5.aarch64.rpm	e7070f6e45a7fe578ab21fe89c8e35aa	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.21.1.el9_5.aarch64.rpm	b60287489bc110be6f9ba13593339e28	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.21.1.el9_5.aarch64.rpm	b60287489bc110be6f9ba13593339e28	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.21.1.el9_5.aarch64.rpm	3116c1b410482fd60d0847cb856d8f42	-	ol9_aarch64_appstream
	rv-5.14.0-503.21.1.el9_5.aarch64.rpm	e60b96d0c71e3a696621e9b8f846b3e7	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_x86_64_appstream
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.21.1.el9_5.src.rpm	3766918efbfea8cbd9c72f970c799029	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.21.1.el9_5.x86_64.rpm	9e336c3a6709c89c8f6996b92fb3cfa2	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.21.1.el9_5.x86_64.rpm	9e336c3a6709c89c8f6996b92fb3cfa2	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.21.1.el9_5.x86_64.rpm	30668ccc18c7bece32da347534e6f142	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.21.1.el9_5.x86_64.rpm	30668ccc18c7bece32da347534e6f142	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.21.1.el9_5.noarch.rpm	448347ffe3c3447657133b71c5d8fdc4	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.21.1.el9_5.noarch.rpm	448347ffe3c3447657133b71c5d8fdc4	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.21.1.el9_5.x86_64.rpm	5480055f8edb9fa92d78f2ae2f7b75ca	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.21.1.el9_5.x86_64.rpm	5480055f8edb9fa92d78f2ae2f7b75ca	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.21.1.el9_5.x86_64.rpm	e3c4eee05e04dd036c8d63266b2836a4	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.21.1.el9_5.x86_64.rpm	fcf20a8a8e3eeafa0fe841dff16edf50	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.21.1.el9_5.x86_64.rpm	fcf20a8a8e3eeafa0fe841dff16edf50	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.21.1.el9_5.x86_64.rpm	08fb26ddadecad45bec5336da5fb72a1	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.21.1.el9_5.x86_64.rpm	08fb26ddadecad45bec5336da5fb72a1	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.21.1.el9_5.x86_64.rpm	aba201149ba5de9f52165103d7cdacad	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm	6bc2f902fc70992bf61b8fcf417e7008	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.21.1.el9_5.x86_64.rpm	485c398337c86c62d56b1385cf21e51c	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.21.1.el9_5.x86_64.rpm	485c398337c86c62d56b1385cf21e51c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm	f6b0f9d1fd3313291d0612a164da80d0	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm	f6b0f9d1fd3313291d0612a164da80d0	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm	ed4bfb745ff81d4736a3e0ef47f75f6f	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm	ed4bfb745ff81d4736a3e0ef47f75f6f	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm	60e3097c6affd4c80394e0664eda9f52	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm	60e3097c6affd4c80394e0664eda9f52	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.21.1.el9_5.x86_64.rpm	55f2971468450acaad5349f0015d680e	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm	5798050dc084bac345d0f1d46d27c26b	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.21.1.el9_5.noarch.rpm	d97b3a589dfd3d06d6113d6ffe01bc7d	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.21.1.el9_5.x86_64.rpm	1a0e62222d7a39a7bb249afd17618d0e	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.21.1.el9_5.x86_64.rpm	1b992b0d73c2c2f5c3fbab2688dba7d3	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.21.1.el9_5.x86_64.rpm	1b992b0d73c2c2f5c3fbab2688dba7d3	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm	973246c29078bd15508fa0f2dbfebc43	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm	973246c29078bd15508fa0f2dbfebc43	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm	9938c385cc85e09b44261f2b862bc051	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm	9938c385cc85e09b44261f2b862bc051	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.21.1.el9_5.x86_64.rpm	068a76ccc4e3f30e5b426a337f67c4c2	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.21.1.el9_5.x86_64.rpm	068a76ccc4e3f30e5b426a337f67c4c2	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.21.1.el9_5.x86_64.rpm	1e21b221152995687f343963c9fd4fd8	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.21.1.el9_5.x86_64.rpm	1e21b221152995687f343963c9fd4fd8	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.x86_64.rpm	c17082a24cb9a4cf8ffd83c8a2646787	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm	00bd7116ed25e6358b9de8222ca34257	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm	00bd7116ed25e6358b9de8222ca34257	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.21.1.el9_5.x86_64.rpm	3eb0a5621dda22112c08a4665fcf8a28	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.21.1.el9_5.x86_64.rpm	3eb0a5621dda22112c08a4665fcf8a28	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.21.1.el9_5.x86_64.rpm	2eeae4bd9542a1efa633c1b8d5ef5c13	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.21.1.el9_5.x86_64.rpm	78e4789423754e4e8955beb7212521f2	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.21.1.el9_5.x86_64.rpm	19dff67cb2841f6eef905b5a19f6d8d8	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.21.1.el9_5.x86_64.rpm	19dff67cb2841f6eef905b5a19f6d8d8	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.21.1.el9_5.x86_64.rpm	2a45b9f6a31fa7ca2e68b55a0e6f5f64	-	ol9_x86_64_appstream
	rv-5.14.0-503.21.1.el9_5.x86_64.rpm	f75f3572456fe84815e1437855557211	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691