Описание
ELSA-2025-11850: kernel security update (MODERATE)
[4.18.0-553.64.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.64.1_10]
- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CKI Backport Bot) [RHEL-100387] {CVE-2025-21919}
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [RHEL-86256]
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (CKI Backport Bot) [RHEL-102133] {CVE-2022-49977}
- wifi: iwlwifi: limit printed string from FW file (CKI Backport Bot) [RHEL-99367] {CVE-2025-21905}
- workqueue: Disable printk_deferred_{enter,exit} in RT kernel (Waiman Long) [RHEL-80292]
- workqueue: Make show_pwq() use run-length encoding (Waiman Long) [RHEL-80292]
- workqueue: Introduce show_one_worker_pool and show_one_workqueue. (Waiman Long) [RHEL-80292]
- workqueue: fix state-dump console deadlock (Waiman Long) [RHEL-80292]
Обновленные пакеты
Oracle Linux 8
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.64.1.el8_10
bpftool
4.18.0-553.64.1.el8_10
kernel
4.18.0-553.64.1.el8_10
kernel-abi-stablelists
4.18.0-553.64.1.el8_10
kernel-core
4.18.0-553.64.1.el8_10
kernel-cross-headers
4.18.0-553.64.1.el8_10
kernel-debug
4.18.0-553.64.1.el8_10
kernel-debug-core
4.18.0-553.64.1.el8_10
kernel-debug-devel
4.18.0-553.64.1.el8_10
kernel-debug-modules
4.18.0-553.64.1.el8_10
kernel-debug-modules-extra
4.18.0-553.64.1.el8_10
kernel-devel
4.18.0-553.64.1.el8_10
kernel-doc
4.18.0-553.64.1.el8_10
kernel-headers
4.18.0-553.64.1.el8_10
kernel-modules
4.18.0-553.64.1.el8_10
kernel-modules-extra
4.18.0-553.64.1.el8_10
kernel-tools
4.18.0-553.64.1.el8_10
kernel-tools-libs
4.18.0-553.64.1.el8_10
perf
4.18.0-553.64.1.el8_10
python3-perf
4.18.0-553.64.1.el8_10
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
In the Linux kernel, the following vulnerability has been resolved: w ...