ELSA-2025-13598

Опубликовано: 15 авг. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2025-13598: kernel security update (MODERATE)

[6.12.0-55.27.1.0.1]

nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates
Update module name for cryptographic module [Orabug: 37400433]

Thu Aug 14 2025 Alex Burmashev alexander.burmashev@oracle.com [6.12.0-55.27.1]

Bump internal version to 55.27.1
Fix includes for mm: fix copy_vma() error handling for hugetlb mappings
Revert sch_htb: make htb_qlen_notify() idempotent
Revert sch_drr: make drr_qlen_notify() idempotent
Revert sch_qfq: make qfq_qlen_notify() idempotent
Revert codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Revert sch_htb: make htb_deactivate() idempotent
Revert net/sched: Always pass notifications when child class becomes empty
wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds - CVE-2025-38159
Documentation: Fix pci=config_acs= example
PCI/ACS: Fix 'pci=config_acs=' parameter
Revert 'smb: client: fix TCP timers deadlock after rmmod' - CVE-2025-22077
Revert smb: client: Fix netns refcount imbalance causing leaks and use-after-free
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
wifi: ath12k: fix invalid access to memory - CVE-2025-38292
x86/CPU/AMD: Terminate the erratum_1386_microcode array - CVE-2024-56721
crypto: algif_hash - fix double free in hash_accept - CVE-2025-38079
net/sched: Always pass notifications when child class becomes empty - CVE-2025-38350
sch_htb: make htb_deactivate() idempotent - CVE-2025-38350
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - CVE-2025-38350
sch_qfq: make qfq_qlen_notify() idempotent - CVE-2025-38350
sch_drr: make drr_qlen_notify() idempotent - CVE-2025-38350
sch_htb: make htb_qlen_notify() idempotent - CVE-2025-38350
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race - CVE-2025-38085
mm/hugetlb: unshare page tables during VMA split, not before - CVE-2025-38084
tools/testing/vma: add missing function stub
mm: fix copy_vma() error handling for hugetlb mappings
PCI: Use downstream bridges for distributing resources
PCI/pwrctrl: Cancel outstanding rescan work when unregistering - CVE-2025-38137
bnxt_en: Skip MAC loopback selftest if it is unsupported by FW
bnxt_en: Skip PHY loopback ethtool selftest if unsupported by FW

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

kernel-headers

6.12.0-55.27.1.0.1.el10_0

perf

6.12.0-55.27.1.0.1.el10_0

python3-perf

6.12.0-55.27.1.0.1.el10_0

rtla

6.12.0-55.27.1.0.1.el10_0

kernel-tools

6.12.0-55.27.1.0.1.el10_0

kernel-tools-libs

6.12.0-55.27.1.0.1.el10_0

kernel-cross-headers

6.12.0-55.27.1.0.1.el10_0

kernel-tools-libs-devel

6.12.0-55.27.1.0.1.el10_0

libperf

6.12.0-55.27.1.0.1.el10_0

Oracle Linux x86_64

kernel

6.12.0-55.27.1.0.1.el10_0

kernel-abi-stablelists

6.12.0-55.27.1.0.1.el10_0

kernel-core

6.12.0-55.27.1.0.1.el10_0

kernel-debug-modules-core

6.12.0-55.27.1.0.1.el10_0

kernel-tools

6.12.0-55.27.1.0.1.el10_0

kernel-uki-virt

6.12.0-55.27.1.0.1.el10_0

kernel-debug-devel

6.12.0-55.27.1.0.1.el10_0

kernel-debug-devel-matched

6.12.0-55.27.1.0.1.el10_0

kernel-devel

6.12.0-55.27.1.0.1.el10_0

kernel-devel-matched

6.12.0-55.27.1.0.1.el10_0

kernel-doc

6.12.0-55.27.1.0.1.el10_0

kernel-headers

6.12.0-55.27.1.0.1.el10_0

perf

6.12.0-55.27.1.0.1.el10_0

python3-perf

6.12.0-55.27.1.0.1.el10_0

rtla

6.12.0-55.27.1.0.1.el10_0

kernel-debug

6.12.0-55.27.1.0.1.el10_0

kernel-debug-core

6.12.0-55.27.1.0.1.el10_0

kernel-debug-modules

6.12.0-55.27.1.0.1.el10_0

kernel-debug-modules-extra

6.12.0-55.27.1.0.1.el10_0

kernel-debug-uki-virt

6.12.0-55.27.1.0.1.el10_0

kernel-modules

6.12.0-55.27.1.0.1.el10_0

kernel-modules-core

6.12.0-55.27.1.0.1.el10_0

kernel-modules-extra

6.12.0-55.27.1.0.1.el10_0

kernel-tools-libs

6.12.0-55.27.1.0.1.el10_0

kernel-uki-virt-addons

6.12.0-55.27.1.0.1.el10_0

kernel-cross-headers

6.12.0-55.27.1.0.1.el10_0

kernel-tools-libs-devel

6.12.0-55.27.1.0.1.el10_0

libperf

6.12.0-55.27.1.0.1.el10_0

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2025-13602

oracle-oval

8 дней назад

ELSA-2025-13602: kernel security update (MODERATE)

CVE-2025-38292

ubuntu

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error. Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used. Compile tested only.

CVE-2025-38292

CVSS3: 7.3

redhat

около 1 месяца назад

CVE-2025-38292

nvd

около 1 месяца назад

CVE-2025-38292

debian

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: w ...