Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-11455

Опубликовано: 21 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-11455: kernel security update (MODERATE)

  • [4.18.0-553.63.1_10.OL8]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  • Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.63.1_10]

  • tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66324] {CVE-2024-50154}
  • net: ch9200: fix uninitialised access during mii_nway_restart (CKI Backport Bot) [RHEL-101200] {CVE-2025-38086}
  • mm/swapfile: add cond_resched() in get_swap_pages() (Nico Pache) [RHEL-80401] {CVE-2023-52932}
  • dlm: fix possible lkb_resource null dereference (Alexander Aring) [RHEL-64452]
  • fs: dlm: handle -EINVAL as log_error() (Alexander Aring) [RHEL-64452]
  • redhat/configs: enable CONFIG_RH_KABI_STABLE_ASM_OFFSETS (Cestmir Kalina) [RHEL-90099]
  • kabi: freeze stablelist and stackprotector-related constants (Cestmir Kalina) [RHEL-90099]
  • kabi: add redhat/kabi/asm-offsets (Cestmir Kalina) [RHEL-90099]
  • kabi: add RH_KABI_ASSERT_EQ_CONST{,EXPR} (Cestmir Kalina) [RHEL-90099]

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

bpftool

4.18.0-553.63.1.el8_10

kernel

4.18.0-553.63.1.el8_10

kernel-abi-stablelists

4.18.0-553.63.1.el8_10

kernel-core

4.18.0-553.63.1.el8_10

kernel-cross-headers

4.18.0-553.63.1.el8_10

kernel-debug

4.18.0-553.63.1.el8_10

kernel-debug-core

4.18.0-553.63.1.el8_10

kernel-debug-devel

4.18.0-553.63.1.el8_10

kernel-debug-modules

4.18.0-553.63.1.el8_10

kernel-debug-modules-extra

4.18.0-553.63.1.el8_10

kernel-devel

4.18.0-553.63.1.el8_10

kernel-doc

4.18.0-553.63.1.el8_10

kernel-headers

4.18.0-553.63.1.el8_10

kernel-modules

4.18.0-553.63.1.el8_10

kernel-modules-extra

4.18.0-553.63.1.el8_10

kernel-tools

4.18.0-553.63.1.el8_10

kernel-tools-libs

4.18.0-553.63.1.el8_10

kernel-tools-libs-devel

4.18.0-553.63.1.el8_10

perf

4.18.0-553.63.1.el8_10

python3-perf

4.18.0-553.63.1.el8_10

Связанные CVE

CVE-2024-50154
CVE-2025-38086

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2025:11455

rocky
6 дней назад

Moderate: kernel security update

ubuntu логотип

CVE-2025-38086

ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.

redhat логотип

CVE-2025-38086

CVSS3: 7
redhat
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.

nvd логотип

CVE-2025-38086

nvd
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.

debian логотип

CVE-2025-38086

debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: n ...