ELSA-2025-15662

Опубликовано: 12 сент. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2025-15662: kernel security update (IMPORTANT)

[6.12.0-55.32.1.0.1]

nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates
Update module name for cryptographic module [Orabug: 37400433]

[6.12.0-55.32.1]

Bump internal version to 55.32.1
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() - CVE-2025-38352

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

kernel-headers

6.12.0-55.32.1.0.1.el10_0

perf

6.12.0-55.32.1.0.1.el10_0

python3-perf

6.12.0-55.32.1.0.1.el10_0

rtla

6.12.0-55.32.1.0.1.el10_0

kernel-tools

6.12.0-55.32.1.0.1.el10_0

kernel-tools-libs

6.12.0-55.32.1.0.1.el10_0

kernel-cross-headers

6.12.0-55.32.1.0.1.el10_0

kernel-tools-libs-devel

6.12.0-55.32.1.0.1.el10_0

libperf

6.12.0-55.32.1.0.1.el10_0

Oracle Linux x86_64

kernel-debug-devel

6.12.0-55.32.1.0.1.el10_0

kernel-debug-devel-matched

6.12.0-55.32.1.0.1.el10_0

kernel-devel

6.12.0-55.32.1.0.1.el10_0

kernel-devel-matched

6.12.0-55.32.1.0.1.el10_0

kernel-doc

6.12.0-55.32.1.0.1.el10_0

kernel-headers

6.12.0-55.32.1.0.1.el10_0

perf

6.12.0-55.32.1.0.1.el10_0

python3-perf

6.12.0-55.32.1.0.1.el10_0

rtla

6.12.0-55.32.1.0.1.el10_0

kernel

6.12.0-55.32.1.0.1.el10_0

kernel-abi-stablelists

6.12.0-55.32.1.0.1.el10_0

kernel-core

6.12.0-55.32.1.0.1.el10_0

kernel-debug

6.12.0-55.32.1.0.1.el10_0

kernel-debug-core

6.12.0-55.32.1.0.1.el10_0

kernel-debug-modules

6.12.0-55.32.1.0.1.el10_0

kernel-debug-modules-core

6.12.0-55.32.1.0.1.el10_0

kernel-debug-modules-extra

6.12.0-55.32.1.0.1.el10_0

kernel-debug-uki-virt

6.12.0-55.32.1.0.1.el10_0

kernel-modules

6.12.0-55.32.1.0.1.el10_0

kernel-modules-core

6.12.0-55.32.1.0.1.el10_0

kernel-modules-extra

6.12.0-55.32.1.0.1.el10_0

kernel-tools

6.12.0-55.32.1.0.1.el10_0

kernel-tools-libs

6.12.0-55.32.1.0.1.el10_0

kernel-uki-virt

6.12.0-55.32.1.0.1.el10_0

kernel-uki-virt-addons

6.12.0-55.32.1.0.1.el10_0

kernel-cross-headers

6.12.0-55.32.1.0.1.el10_0

kernel-tools-libs-devel

6.12.0-55.32.1.0.1.el10_0

libperf

6.12.0-55.32.1.0.1.el10_0

Связанные CVE

CVE-2025-38352

Ссылки на источники

Связанные уязвимости

CVE-2025-38352

CVSS3: 7.4

ubuntu

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.