Description
ELSA-2025-15661: kernel security update (IMPORTANT)
[5.14.0-570.42.2.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.42.2_6]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112780] {CVE-2025-38352}
- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (CKI Backport Bot) [RHEL-113173]
[5.14.0-570.42.1_6]
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (Mamatha Inamdar) [RHEL-103015]
- drm/framebuffer: Acquire internal references on GEM handles (Jose Exposito) [RHEL-106699] {CVE-2025-38449}
- drm/gem: Acquire references on GEM handles for framebuffers (Jose Exposito) [RHEL-106699] {CVE-2025-38449}
- drm/vkms: Fix use after free and double free on init error (CKI KWF BOT) [RHEL-99420] {CVE-2025-22097}
- scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105933] {CVE-2025-38332}
Updated packages
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers 5.14.0-570.42.2.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.42.2.0.1.el9_6
libperf 5.14.0-570.42.2.0.1.el9_6
kernel-headers 5.14.0-570.42.2.0.1.el9_6
perf 5.14.0-570.42.2.0.1.el9_6
rtla 5.14.0-570.42.2.0.1.el9_6
rv 5.14.0-570.42.2.0.1.el9_6
kernel-tools 5.14.0-570.42.2.0.1.el9_6
kernel-tools-libs 5.14.0-570.42.2.0.1.el9_6
python3-perf 5.14.0-570.42.2.0.1.el9_6
Oracle Linux x86_64
kernel 5.14.0-570.42.2.0.1.el9_6
kernel-abi-stablelists 5.14.0-570.42.2.0.1.el9_6
kernel-core 5.14.0-570.42.2.0.1.el9_6
kernel-debug 5.14.0-570.42.2.0.1.el9_6
kernel-debug-core 5.14.0-570.42.2.0.1.el9_6
kernel-debug-modules 5.14.0-570.42.2.0.1.el9_6
kernel-debug-modules-core 5.14.0-570.42.2.0.1.el9_6
kernel-debug-modules-extra 5.14.0-570.42.2.0.1.el9_6
kernel-debug-uki-virt 5.14.0-570.42.2.0.1.el9_6
kernel-modules 5.14.0-570.42.2.0.1.el9_6
kernel-modules-core 5.14.0-570.42.2.0.1.el9_6
kernel-modules-extra 5.14.0-570.42.2.0.1.el9_6
kernel-tools 5.14.0-570.42.2.0.1.el9_6
kernel-tools-libs 5.14.0-570.42.2.0.1.el9_6
kernel-uki-virt 5.14.0-570.42.2.0.1.el9_6
kernel-uki-virt-addons 5.14.0-570.42.2.0.1.el9_6
python3-perf 5.14.0-570.42.2.0.1.el9_6
kernel-debug-devel 5.14.0-570.42.2.0.1.el9_6
kernel-debug-devel-matched 5.14.0-570.42.2.0.1.el9_6
kernel-devel 5.14.0-570.42.2.0.1.el9_6
kernel-devel-matched 5.14.0-570.42.2.0.1.el9_6
kernel-doc 5.14.0-570.42.2.0.1.el9_6
kernel-headers 5.14.0-570.42.2.0.1.el9_6
perf 5.14.0-570.42.2.0.1.el9_6
rtla 5.14.0-570.42.2.0.1.el9_6
rv 5.14.0-570.42.2.0.1.el9_6
kernel-cross-headers 5.14.0-570.42.2.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.42.2.0.1.el9_6
libperf 5.14.0-570.42.2.0.1.el9_6
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset() with 0 followed by a strlcat(), just use memcpy() and ensure that the resulting buffer is NULL terminated. BIOSVersion is only used for the lpfc_printf_log() which expects a properly terminated string.