Описание
ELSA-2025-16398: kernel security update (MODERATE)
[5.14.0-570.46.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.46.1_6]
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112246] {CVE-2023-53125}
- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112246] {CVE-2023-53125}
- s390/sclp: Fix SCCB present check (CKI Backport Bot) [RHEL-113558] {CVE-2025-39694}
- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107301] {CVE-2025-38498}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107301] {CVE-2025-38498}
- usb: dwc3: gadget: check that event count does not exceed event buffer length (CKI Backport Bot) [RHEL-107649] {CVE-2025-37810}
[5.14.0-570.45.1_6]
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). (Adrian Moreno) [RHEL-113279]
- igc: fix lock order in igc_ptp_reset (CKI Backport Bot) [RHEL-108118]
- igc: add lock preventing multiple simultaneous PTM transactions (CKI Backport Bot) [RHEL-108118]
- igc: cleanup PTP module if probe fails (CKI Backport Bot) [RHEL-108118]
- igc: handle the IGC_PTP_ENABLED flag correctly (CKI Backport Bot) [RHEL-108118]
- igc: move ktime snapshot into PTM retry loop (CKI Backport Bot) [RHEL-108118]
- igc: increase wait time before retrying PTM (CKI Backport Bot) [RHEL-108118]
- igc: fix PTM cycle trigger logic (CKI Backport Bot) [RHEL-108118]
- ice: use fixed adapter index for E825C embedded devices (CKI Backport Bot) [RHEL-111766]
- ice: use DSN instead of PCI BDF for ice_adapter index (CKI Backport Bot) [RHEL-111766]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-570.46.1.0.1.el9_6
kernel-tools-libs-devel
5.14.0-570.46.1.0.1.el9_6
libperf
5.14.0-570.46.1.0.1.el9_6
kernel-tools
5.14.0-570.46.1.0.1.el9_6
kernel-tools-libs
5.14.0-570.46.1.0.1.el9_6
python3-perf
5.14.0-570.46.1.0.1.el9_6
kernel-headers
5.14.0-570.46.1.0.1.el9_6
perf
5.14.0-570.46.1.0.1.el9_6
rtla
5.14.0-570.46.1.0.1.el9_6
rv
5.14.0-570.46.1.0.1.el9_6
Oracle Linux x86_64
kernel
5.14.0-570.46.1.0.1.el9_6
kernel-abi-stablelists
5.14.0-570.46.1.0.1.el9_6
kernel-core
5.14.0-570.46.1.0.1.el9_6
kernel-debug
5.14.0-570.46.1.0.1.el9_6
kernel-debug-core
5.14.0-570.46.1.0.1.el9_6
kernel-debug-modules
5.14.0-570.46.1.0.1.el9_6
kernel-debug-modules-core
5.14.0-570.46.1.0.1.el9_6
kernel-debug-modules-extra
5.14.0-570.46.1.0.1.el9_6
kernel-debug-uki-virt
5.14.0-570.46.1.0.1.el9_6
kernel-modules
5.14.0-570.46.1.0.1.el9_6
kernel-modules-core
5.14.0-570.46.1.0.1.el9_6
kernel-modules-extra
5.14.0-570.46.1.0.1.el9_6
kernel-tools
5.14.0-570.46.1.0.1.el9_6
kernel-tools-libs
5.14.0-570.46.1.0.1.el9_6
kernel-uki-virt
5.14.0-570.46.1.0.1.el9_6
kernel-uki-virt-addons
5.14.0-570.46.1.0.1.el9_6
python3-perf
5.14.0-570.46.1.0.1.el9_6
kernel-debug-devel
5.14.0-570.46.1.0.1.el9_6
kernel-debug-devel-matched
5.14.0-570.46.1.0.1.el9_6
kernel-devel
5.14.0-570.46.1.0.1.el9_6
kernel-devel-matched
5.14.0-570.46.1.0.1.el9_6
kernel-doc
5.14.0-570.46.1.0.1.el9_6
kernel-headers
5.14.0-570.46.1.0.1.el9_6
perf
5.14.0-570.46.1.0.1.el9_6
rtla
5.14.0-570.46.1.0.1.el9_6
rv
5.14.0-570.46.1.0.1.el9_6
kernel-cross-headers
5.14.0-570.46.1.0.1.el9_6
kernel-tools-libs-devel
5.14.0-570.46.1.0.1.el9_6
libperf
5.14.0-570.46.1.0.1.el9_6
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents.
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents.
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents.
In the Linux kernel, the following vulnerability has been resolved: n ...
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents.