Описание
ELSA-2025-14510: kernel security update (IMPORTANT)
[6.12.0-55.29.1.0.1.el10_0.OL10]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
[6.12.0-55.29.1.el10_0]
- Bump internal version to 55.29.1
- ice: fix eswitch code memory leak in reset scenario - CVE-2025-38417
- net/sched: Abort __tc_modify_qdisc if parent class does not exist
- net_sched: ets: Fix double list add in class with netem as child qdisc - CVE-2025-37914
- sch_ets: make est_qlen_notify() idempotent
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw - CVE-2025-38200
- cxgb4: use port number to set mac addr
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
kernel-headers
6.12.0-55.29.1.0.1.el10_0
perf
6.12.0-55.29.1.0.1.el10_0
python3-perf
6.12.0-55.29.1.0.1.el10_0
rtla
6.12.0-55.29.1.0.1.el10_0
rv
6.12.0-55.29.1.0.1.el10_0
kernel-tools
6.12.0-55.29.1.0.1.el10_0
kernel-tools-libs
6.12.0-55.29.1.0.1.el10_0
kernel-cross-headers
6.12.0-55.29.1.0.1.el10_0
kernel-tools-libs-devel
6.12.0-55.29.1.0.1.el10_0
libperf
6.12.0-55.29.1.0.1.el10_0
Oracle Linux x86_64
kernel-debug-devel
6.12.0-55.29.1.0.1.el10_0
kernel-debug-devel-matched
6.12.0-55.29.1.0.1.el10_0
kernel-devel
6.12.0-55.29.1.0.1.el10_0
kernel-devel-matched
6.12.0-55.29.1.0.1.el10_0
kernel-doc
6.12.0-55.29.1.0.1.el10_0
kernel-headers
6.12.0-55.29.1.0.1.el10_0
perf
6.12.0-55.29.1.0.1.el10_0
python3-perf
6.12.0-55.29.1.0.1.el10_0
rtla
6.12.0-55.29.1.0.1.el10_0
rv
6.12.0-55.29.1.0.1.el10_0
kernel
6.12.0-55.29.1.0.1.el10_0
kernel-abi-stablelists
6.12.0-55.29.1.0.1.el10_0
kernel-core
6.12.0-55.29.1.0.1.el10_0
kernel-debug
6.12.0-55.29.1.0.1.el10_0
kernel-debug-core
6.12.0-55.29.1.0.1.el10_0
kernel-debug-modules
6.12.0-55.29.1.0.1.el10_0
kernel-debug-modules-core
6.12.0-55.29.1.0.1.el10_0
kernel-debug-modules-extra
6.12.0-55.29.1.0.1.el10_0
kernel-debug-uki-virt
6.12.0-55.29.1.0.1.el10_0
kernel-modules
6.12.0-55.29.1.0.1.el10_0
kernel-modules-core
6.12.0-55.29.1.0.1.el10_0
kernel-modules-extra
6.12.0-55.29.1.0.1.el10_0
kernel-tools
6.12.0-55.29.1.0.1.el10_0
kernel-tools-libs
6.12.0-55.29.1.0.1.el10_0
kernel-uki-virt
6.12.0-55.29.1.0.1.el10_0
kernel-uki-virt-addons
6.12.0-55.29.1.0.1.el10_0
kernel-cross-headers
6.12.0-55.29.1.0.1.el10_0
kernel-tools-libs-devel
6.12.0-55.29.1.0.1.el10_0
libperf
6.12.0-55.29.1.0.1.el10_0
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless of the mode and not freed if in legacy mode. Kmemeleak trace: unreferenced object (percpu) 0x7e3bce5b888458 (size 40): comm "bash", pid 1784, jiffies 4295743894 hex dump (first 32 bytes on cpu 45): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): pcpu_alloc_noprof+0x4c4/0x7c0 ice_repr_create+0x66/0x130 [ice] ice_repr_create_vf+0x22/0x70 [ice] ice_eswitch_attach_vf+0x1b/0xa0 [ice] ...
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless of the mode and not freed if in legacy mode. Kmemeleak trace: unreferenced object (percpu) 0x7e3bce5b888458 (size 40): comm "bash", pid 1784, jiffies 4295743894 hex dump (first 32 bytes on cpu 45): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): pcpu_alloc_noprof+0x4c4/0x7c0 ice_repr_create+0x66/0x130 [ice] ice_repr_create_vf+0x22/0x70 [ice] ice_eswitch_attach_vf+0x1b/0xa0 [ice] ...
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless of the mode and not freed if in legacy mode. Kmemeleak trace: unreferenced object (percpu) 0x7e3bce5b888458 (size 40): comm "bash", pid 1784, jiffies 4295743894 hex dump (first 32 bytes on cpu 45): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): pcpu_alloc_noprof+0x4c4/0x7c0 ice_repr_create+0x66/0x130 [ice] ice_repr_create_vf+0x22/0x70 [ice] ice_eswi
In the Linux kernel, the following vulnerability has been resolved: i ...