Описание
ELSA-2025-14420: kernel security update (IMPORTANT)
[5.14.0-570.37.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.37.1_6]
- ice: fix eswitch code memory leak in reset scenario (CKI Backport Bot) [RHEL-108152] {CVE-2025-38417}
- ftrace: Clean up hash direct_functions on register failures (Gregory Bell) [RHEL-105151]
- ethtool: Fix set RXNFC command with symmetric RSS hash (Mohammad Heib) [RHEL-103526]
- drm/i915: Give i915 and xe each their own display tracepoints (Jocelyn Falempe) [RHEL-94419]
[5.14.0-570.36.1_6]
- udp: Fix memory accounting leak. (Xin Long) [RHEL-104091] {CVE-2025-22058}
- net_sched: ets: Fix double list add in class with netem as child qdisc (CKI Backport Bot) [RHEL-104719] {CVE-2025-37914}
- sch_ets: make est_qlen_notify() idempotent (Ivan Vecera) [RHEL-104719]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-570.37.1.0.1.el9_6
kernel-tools-libs-devel
5.14.0-570.37.1.0.1.el9_6
kernel-tools
5.14.0-570.37.1.0.1.el9_6
kernel-tools-libs
5.14.0-570.37.1.0.1.el9_6
python3-perf
5.14.0-570.37.1.0.1.el9_6
kernel-headers
5.14.0-570.37.1.0.1.el9_6
perf
5.14.0-570.37.1.0.1.el9_6
rtla
5.14.0-570.37.1.0.1.el9_6
rv
5.14.0-570.37.1.0.1.el9_6
Oracle Linux x86_64
kernel-debug-devel
5.14.0-570.37.1.0.1.el9_6
kernel-debug-devel-matched
5.14.0-570.37.1.0.1.el9_6
kernel-devel
5.14.0-570.37.1.0.1.el9_6
kernel-devel-matched
5.14.0-570.37.1.0.1.el9_6
kernel-doc
5.14.0-570.37.1.0.1.el9_6
kernel-headers
5.14.0-570.37.1.0.1.el9_6
perf
5.14.0-570.37.1.0.1.el9_6
rtla
5.14.0-570.37.1.0.1.el9_6
rv
5.14.0-570.37.1.0.1.el9_6
kernel-cross-headers
5.14.0-570.37.1.0.1.el9_6
kernel-tools-libs-devel
5.14.0-570.37.1.0.1.el9_6
libperf
5.14.0-570.37.1.0.1.el9_6
kernel
5.14.0-570.37.1.0.1.el9_6
kernel-abi-stablelists
5.14.0-570.37.1.0.1.el9_6
kernel-core
5.14.0-570.37.1.0.1.el9_6
kernel-debug
5.14.0-570.37.1.0.1.el9_6
kernel-debug-core
5.14.0-570.37.1.0.1.el9_6
kernel-debug-modules
5.14.0-570.37.1.0.1.el9_6
kernel-debug-modules-core
5.14.0-570.37.1.0.1.el9_6
kernel-debug-modules-extra
5.14.0-570.37.1.0.1.el9_6
kernel-debug-uki-virt
5.14.0-570.37.1.0.1.el9_6
kernel-modules
5.14.0-570.37.1.0.1.el9_6
kernel-modules-core
5.14.0-570.37.1.0.1.el9_6
kernel-modules-extra
5.14.0-570.37.1.0.1.el9_6
kernel-tools
5.14.0-570.37.1.0.1.el9_6
kernel-tools-libs
5.14.0-570.37.1.0.1.el9_6
kernel-uki-virt
5.14.0-570.37.1.0.1.el9_6
kernel-uki-virt-addons
5.14.0-570.37.1.0.1.el9_6
python3-perf
5.14.0-570.37.1.0.1.el9_6
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain() # python3 test.py & sleep 1 && pkill py...
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain() # python3 test.py & sleep 1 && pkill py...
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu
In the Linux kernel, the following vulnerability has been resolved: u ...