Description
ELSA-2025-11411: kernel security update (IMPORTANT)
[5.14.0-570.28.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.28.1_6]
- sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CKI Backport Bot) [RHEL-101327] {CVE-2025-38089}
[5.14.0-570.27.1_6]
- i2c: tegra: check msg length in SMBUS block read (Steve Dunnagan) [RHEL-100516]
- net/mlx5: Generate PPS IN event on new function for shared clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Support one PTP device per hardware clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Move PPS notifier and out_work to clock_state (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add devcom component for the clock shared by functions (Michal Schmidt) [RHEL-87775]
- net/mlx5: Change clock in mlx5_core_dev to mlx5_clock pointer (Michal Schmidt) [RHEL-87775]
- net/mlx5: Add API to get mlx5_core_dev from mlx5_clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add init and destruction functions for a single HW clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Change parameters for PTP internal functions (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add helper functions for PTP callbacks (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add support for MRTCQ register (Benjamin Poirier) [RHEL-87775]
- net/mlx5: use do_aux_work for PHC overflow checks (Michal Schmidt) [RHEL-87775]
- mlx5_en: use read sequence for gettimex64 (Benjamin Poirier) [RHEL-87775]
- media: uvcvideo: Announce the user our deprecation intentions (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Allow changing noparam on the fly (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Invert default value for nodrop module param (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Propagate buf->error to userspace (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Flush the control cache when we get an event (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Annotate lock requirements for uvc_ctrl_set (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Remove dangling pointers (Desnes Nunes) [RHEL-98772] {CVE-2024-58002}
- media: uvcvideo: Remove redundant NULL assignment (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Only save async fh if success (Desnes Nunes) [RHEL-98772]
Updated packages
Oracle Linux 9

Oracle Linux aarch64
kernel-cross-headers         5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs-devel      5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs            5.14.0-570.28.1.0.1.el9_6
python3-perf                 5.14.0-570.28.1.0.1.el9_6
kernel-headers               5.14.0-570.28.1.0.1.el9_6
perf                         5.14.0-570.28.1.0.1.el9_6
rtla                         5.14.0-570.28.1.0.1.el9_6
rv                           5.14.0-570.28.1.0.1.el9_6
kernel-tools                 5.14.0-570.28.1.0.1.el9_6

Oracle Linux x86_64
kernel-debug-devel           5.14.0-570.28.1.0.1.el9_6
kernel-debug-devel-matched   5.14.0-570.28.1.0.1.el9_6
kernel-devel                 5.14.0-570.28.1.0.1.el9_6
kernel-devel-matched         5.14.0-570.28.1.0.1.el9_6
kernel-doc                   5.14.0-570.28.1.0.1.el9_6
kernel-headers               5.14.0-570.28.1.0.1.el9_6
perf                         5.14.0-570.28.1.0.1.el9_6
rtla                         5.14.0-570.28.1.0.1.el9_6
rv                           5.14.0-570.28.1.0.1.el9_6
kernel-cross-headers         5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs-devel      5.14.0-570.28.1.0.1.el9_6
libperf                      5.14.0-570.28.1.0.1.el9_6
kernel                       5.14.0-570.28.1.0.1.el9_6
kernel-abi-stablelists       5.14.0-570.28.1.0.1.el9_6
kernel-core                  5.14.0-570.28.1.0.1.el9_6
kernel-debug                 5.14.0-570.28.1.0.1.el9_6
kernel-debug-core            5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules         5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules-core    5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules-extra   5.14.0-570.28.1.0.1.el9_6
kernel-debug-uki-virt        5.14.0-570.28.1.0.1.el9_6
kernel-modules               5.14.0-570.28.1.0.1.el9_6
kernel-modules-core          5.14.0-570.28.1.0.1.el9_6
kernel-modules-extra         5.14.0-570.28.1.0.1.el9_6
kernel-tools                 5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs            5.14.0-570.28.1.0.1.el9_6
kernel-uki-virt              5.14.0-570.28.1.0.1.el9_6
kernel-uki-virt-addons       5.14.0-570.28.1.0.1.el9_6
python3-perf                 5.14.0-570.28.1.0.1.el9_6
Related CVEs
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Remove dangling pointers

When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future.

If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use.

Clean all the dangling pointers during release().

To avoid adding a performance penalty in the most common case (no async operation), a counter has been introduced with some logic to make sure that it is properly handled.
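A userspace model of the fix pattern described above, added here as an illustration; it is not the uvcvideo driver's code, and every name in it (ctrl_set_handle, fh_release, pending_async, NCTRL) is hypothetical. Each control stores the handle that started its async operation, a per-handle counter tracks how many controls point at it, and release() clears those pointers, skipping the scan when the counter is zero.

```c
#include <stddef.h>

#define NCTRL 4                              /* assumed number of controls */

struct fh;                                   /* models a per-open file handle */
struct ctrl { struct fh *handle; };          /* NULL when no async op pending */
struct fh   { unsigned pending_async; };     /* controls pointing at this fh */
struct dev  { struct ctrl ctrls[NCTRL]; };

/* Single place where ctrl->handle changes, so the counter stays exact. */
static void ctrl_set_handle(struct ctrl *c, struct fh *new_fh)
{
    if (c->handle == new_fh)
        return;
    if (c->handle)
        c->handle->pending_async--;
    c->handle = new_fh;
    if (new_fh)
        new_fh->pending_async++;
}

/* Device finished the async control: hand back the owner, drop the pointer. */
static struct fh *ctrl_complete(struct ctrl *c)
{
    struct fh *owner = c->handle;
    ctrl_set_handle(c, NULL);
    return owner;
}

/* release(): remove every pointer to fh before its memory is freed.
 * Returns the number of controls scanned (0 on the fast path). */
static int fh_release(struct dev *d, struct fh *fh)
{
    if (!fh->pending_async)                  /* common case: nothing pending */
        return 0;
    for (int i = 0; i < NCTRL; i++)
        if (d->ctrls[i].handle == fh)
            ctrl_set_handle(&d->ctrls[i], NULL);
    return NCTRL;
}

int main(void)
{
    struct dev d = {0};
    struct fh a = {0};                       /* constructed sample state */
    ctrl_set_handle(&d.ctrls[1], &a);        /* async write started via a */
    ctrl_set_handle(&d.ctrls[3], &a);
    ctrl_complete(&d.ctrls[3]);              /* one operation completes */
    fh_release(&d, &a);                      /* close(): a can now be freed */
    return d.ctrls[1].handle != NULL;        /* 0: no dangling pointer left */
}
```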