Описание
ELSA-2025-1068: kernel security update (MODERATE)
[4.18.0-553.37.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
[4.18.0-553.37.1_10]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71535] {CVE-2024-50275}
- scsi: core: Handle devices which return an unusually large VPD page count (Ewan D. Milne) [RHEL-34275]
- scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-34275]
- scsi: core: Consult supported VPD page list prior to fetching page (Ewan D. Milne) [RHEL-34275]
- NFSv4: Fix dropped lock for racing OPEN and delegation return (Benjamin Coddington) [RHEL-73889]
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-tools-libs-devel
4.18.0-553.37.1.el8_10
bpftool
4.18.0-553.37.1.el8_10
kernel-cross-headers
4.18.0-553.37.1.el8_10
kernel-headers
4.18.0-553.37.1.el8_10
kernel-tools
4.18.0-553.37.1.el8_10
kernel-tools-libs
4.18.0-553.37.1.el8_10
perf
4.18.0-553.37.1.el8_10
python3-perf
4.18.0-553.37.1.el8_10
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.37.1.el8_10
bpftool
4.18.0-553.37.1.el8_10
kernel
4.18.0-553.37.1.el8_10
kernel-abi-stablelists
4.18.0-553.37.1.el8_10
kernel-core
4.18.0-553.37.1.el8_10
kernel-cross-headers
4.18.0-553.37.1.el8_10
kernel-debug
4.18.0-553.37.1.el8_10
kernel-debug-core
4.18.0-553.37.1.el8_10
kernel-debug-devel
4.18.0-553.37.1.el8_10
kernel-debug-modules
4.18.0-553.37.1.el8_10
kernel-debug-modules-extra
4.18.0-553.37.1.el8_10
kernel-devel
4.18.0-553.37.1.el8_10
kernel-doc
4.18.0-553.37.1.el8_10
kernel-headers
4.18.0-553.37.1.el8_10
kernel-modules
4.18.0-553.37.1.el8_10
kernel-modules-extra
4.18.0-553.37.1.el8_10
kernel-tools
4.18.0-553.37.1.el8_10
kernel-tools-libs
4.18.0-553.37.1.el8_10
perf
4.18.0-553.37.1.el8_10
python3-perf
4.18.0-553.37.1.el8_10
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, startin...
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and en...
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting
