Описание
ELSA-2025-12662: kernel security update (IMPORTANT)
[6.12.0-55.25.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
[6.12.0-55.25.1]
- Bump internal version to 55.25.1
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice - CVE-2025-38001
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() - CVE-2025-38000
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc - CVE-2025-37890
- sch_hfsc: make hfsc_qlen_notify() idempotent
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem - CVE-2025-38022
- RDMA/core: Fix use-after-free when rename device name - CVE-2025-22085
- nvme-tcp: sanitize request list handling - CVE-2025-38264
- net: tipc: fix refcount warning in tipc_aead_encrypt
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done - CVE-2025-38052
- tcp: adjust rcvq_space after updating scaling ratio
- ext4: avoid journaling sb update on error if journal is destroying - CVE-2025-22113
- ext4: define ext4_journal_destroy wrapper - CVE-2025-22113
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() - CVE-2025-21928
- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() - CVE-2025-21929
- usb: hub: Fix flushing of delayed work used for post resume purposes
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs
- net/sched: fix use-after-free in taprio_dev_notifier - CVE-2025-38087
- net: ch9200: fix uninitialised access during mii_nway_restart - CVE-2025-38086
- padata: avoid UAF for reorder_work - CVE-2025-21726
- padata: fix UAF in padata_reorder - CVE-2025-21727
- padata: add pd get/put refcnt helper
- padata: fix sysfs store callback check
- padata: Clean up in padata_do_multithreaded()
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove -CVE-2025-22020
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
kernel-headers
6.12.0-55.25.1.0.1.el10_0
perf
6.12.0-55.25.1.0.1.el10_0
python3-perf
6.12.0-55.25.1.0.1.el10_0
rtla
6.12.0-55.25.1.0.1.el10_0
rv
6.12.0-55.25.1.0.1.el10_0
kernel-tools
6.12.0-55.25.1.0.1.el10_0
kernel-tools-libs
6.12.0-55.25.1.0.1.el10_0
kernel-cross-headers
6.12.0-55.25.1.0.1.el10_0
kernel-tools-libs-devel
6.12.0-55.25.1.0.1.el10_0
libperf
6.12.0-55.25.1.0.1.el10_0
Oracle Linux x86_64
kernel-abi-stablelists
6.12.0-55.25.1.0.1.el10_0
kernel-core
6.12.0-55.25.1.0.1.el10_0
kernel-debug
6.12.0-55.25.1.0.1.el10_0
kernel-debug-modules
6.12.0-55.25.1.0.1.el10_0
kernel-debug-modules-core
6.12.0-55.25.1.0.1.el10_0
kernel-debug-modules-extra
6.12.0-55.25.1.0.1.el10_0
kernel-debug-uki-virt
6.12.0-55.25.1.0.1.el10_0
kernel-modules-core
6.12.0-55.25.1.0.1.el10_0
kernel-modules-extra
6.12.0-55.25.1.0.1.el10_0
kernel-tools-libs
6.12.0-55.25.1.0.1.el10_0
kernel-uki-virt
6.12.0-55.25.1.0.1.el10_0
kernel-debug-devel
6.12.0-55.25.1.0.1.el10_0
kernel-debug-devel-matched
6.12.0-55.25.1.0.1.el10_0
kernel-devel
6.12.0-55.25.1.0.1.el10_0
kernel-devel-matched
6.12.0-55.25.1.0.1.el10_0
kernel-doc
6.12.0-55.25.1.0.1.el10_0
kernel-headers
6.12.0-55.25.1.0.1.el10_0
perf
6.12.0-55.25.1.0.1.el10_0
python3-perf
6.12.0-55.25.1.0.1.el10_0
rtla
6.12.0-55.25.1.0.1.el10_0
rv
6.12.0-55.25.1.0.1.el10_0
kernel
6.12.0-55.25.1.0.1.el10_0
kernel-debug-core
6.12.0-55.25.1.0.1.el10_0
kernel-modules
6.12.0-55.25.1.0.1.el10_0
kernel-tools
6.12.0-55.25.1.0.1.el10_0
kernel-uki-virt-addons
6.12.0-55.25.1.0.1.el10_0
kernel-cross-headers
6.12.0-55.25.1.0.1.el10_0
kernel-tools-libs-devel
6.12.0-55.25.1.0.1.el10_0
libperf
6.12.0-55.25.1.0.1.el10_0
Ссылки на источники
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.
In the Linux kernel, the following vulnerability has been resolved: n ...
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.