Description
ELSA-2025-11411: kernel security update (IMPORTANT)
[5.14.0-570.28.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.28.1_6]
- sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CKI Backport Bot) [RHEL-101327] {CVE-2025-38089}
[5.14.0-570.27.1_6]
- i2c: tegra: check msg length in SMBUS block read (Steve Dunnagan) [RHEL-100516]
- net/mlx5: Generate PPS IN event on new function for shared clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Support one PTP device per hardware clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Move PPS notifier and out_work to clock_state (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add devcom component for the clock shared by functions (Michal Schmidt) [RHEL-87775]
- net/mlx5: Change clock in mlx5_core_dev to mlx5_clock pointer (Michal Schmidt) [RHEL-87775]
- net/mlx5: Add API to get mlx5_core_dev from mlx5_clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add init and destruction functions for a single HW clock (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Change parameters for PTP internal functions (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add helper functions for PTP callbacks (Benjamin Poirier) [RHEL-87775]
- net/mlx5: Add support for MRTCQ register (Benjamin Poirier) [RHEL-87775]
- net/mlx5: use do_aux_work for PHC overflow checks (Michal Schmidt) [RHEL-87775]
- mlx5_en: use read sequence for gettimex64 (Benjamin Poirier) [RHEL-87775]
- media: uvcvideo: Announce the user our deprecation intentions (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Allow changing noparam on the fly (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Invert default value for nodrop module param (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Propagate buf->error to userspace (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Flush the control cache when we get an event (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Annotate lock requirements for uvc_ctrl_set (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Remove dangling pointers (Desnes Nunes) [RHEL-98772] {CVE-2024-58002}
- media: uvcvideo: Remove redundant NULL assignment (Desnes Nunes) [RHEL-98772]
- media: uvcvideo: Only save async fh if success (Desnes Nunes) [RHEL-98772]
Updated packages
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers 5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs 5.14.0-570.28.1.0.1.el9_6
python3-perf 5.14.0-570.28.1.0.1.el9_6
kernel-headers 5.14.0-570.28.1.0.1.el9_6
perf 5.14.0-570.28.1.0.1.el9_6
rtla 5.14.0-570.28.1.0.1.el9_6
rv 5.14.0-570.28.1.0.1.el9_6
kernel-tools 5.14.0-570.28.1.0.1.el9_6
Oracle Linux x86_64
kernel-debug-devel 5.14.0-570.28.1.0.1.el9_6
kernel-debug-devel-matched 5.14.0-570.28.1.0.1.el9_6
kernel-devel 5.14.0-570.28.1.0.1.el9_6
kernel-devel-matched 5.14.0-570.28.1.0.1.el9_6
kernel-doc 5.14.0-570.28.1.0.1.el9_6
kernel-headers 5.14.0-570.28.1.0.1.el9_6
perf 5.14.0-570.28.1.0.1.el9_6
rtla 5.14.0-570.28.1.0.1.el9_6
rv 5.14.0-570.28.1.0.1.el9_6
kernel-cross-headers 5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.28.1.0.1.el9_6
libperf 5.14.0-570.28.1.0.1.el9_6
kernel 5.14.0-570.28.1.0.1.el9_6
kernel-abi-stablelists 5.14.0-570.28.1.0.1.el9_6
kernel-core 5.14.0-570.28.1.0.1.el9_6
kernel-debug 5.14.0-570.28.1.0.1.el9_6
kernel-debug-core 5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules 5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules-core 5.14.0-570.28.1.0.1.el9_6
kernel-debug-modules-extra 5.14.0-570.28.1.0.1.el9_6
kernel-debug-uki-virt 5.14.0-570.28.1.0.1.el9_6
kernel-modules 5.14.0-570.28.1.0.1.el9_6
kernel-modules-core 5.14.0-570.28.1.0.1.el9_6
kernel-modules-extra 5.14.0-570.28.1.0.1.el9_6
kernel-tools 5.14.0-570.28.1.0.1.el9_6
kernel-tools-libs 5.14.0-570.28.1.0.1.el9_6
kernel-uki-virt 5.14.0-570.28.1.0.1.el9_6
kernel-uki-virt-addons 5.14.0-570.28.1.0.1.el9_6
python3-perf 5.14.0-570.28.1.0.1.el9_6
Related CVEs
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble.

The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR.

Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps th...
In the Linux kernel, the following vulnerability has been resolved: s ...