Описание
ELSA-2025-1659: kernel security update (MODERATE)
- [5.14.0-503.26.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-503.26.1_5]
- redhat: drop Y issues from changelog (Jan Stancek)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78075] {CVE-2024-53104}
[5.14.0-503.25.1_5]
- md/md-bitmap: fix writing non bitmap pages (CKI Backport Bot) [RHEL-76800]
[5.14.0-503.24.1_5]
- smb: client: fix potential race in cifs_put_tcon() (Jay Shin) [RHEL-73594 RHEL-70959]
- smb: client: don't try following DFS links in cifs_tree_connect() (Jay Shin) [RHEL-73594 RHEL-70959]
- smb: client: allow reconnect when sending ioctl (Jay Shin) [RHEL-73594 RHEL-70959]
- smb: client: get rid of @nlsc param in cifs_tree_connect() (Jay Shin) [RHEL-73594 RHEL-70959]
- smb: client: allow more DFS referrals to be cached (Jay Shin) [RHEL-73594 RHEL-70959]
- smb3: fix broken reconnect when password changing on the server by allowing password rotation (Jay Shin) [RHEL-73594 RHEL-57983]
- i40e: Fix handling changed priv flags (Kamal Heib) [RHEL-69857 RHEL-30524]
- mm: migrate: fix getting incorrect page mapping during page migration (Rafael Aquini) [RHEL-70898 RHEL-27742 RHEL-28873] {CVE-2023-52490}
- mm: migrate: record the mlocked page status to remove unnecessary lru drain (Rafael Aquini) [RHEL-70898 RHEL-27742]
- mm: convert migrate_pages() to work on folios (Rafael Aquini) [RHEL-70898 RHEL-27742]
- migrate_pages_batch: simplify retrying and failure counting of large folios (Rafael Aquini) [RHEL-70898 RHEL-27742]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-503.26.1.el9_5
kernel-tools-libs-devel
5.14.0-503.26.1.el9_5
bpftool
7.4.0-503.26.1.el9_5
kernel-tools
5.14.0-503.26.1.el9_5
kernel-tools-libs
5.14.0-503.26.1.el9_5
python3-perf
5.14.0-503.26.1.el9_5
kernel-headers
5.14.0-503.26.1.el9_5
perf
5.14.0-503.26.1.el9_5
rtla
5.14.0-503.26.1.el9_5
rv
5.14.0-503.26.1.el9_5
Oracle Linux x86_64
bpftool
7.4.0-503.26.1.el9_5
kernel
5.14.0-503.26.1.el9_5
kernel-abi-stablelists
5.14.0-503.26.1.el9_5
kernel-core
5.14.0-503.26.1.el9_5
kernel-debug
5.14.0-503.26.1.el9_5
kernel-debug-core
5.14.0-503.26.1.el9_5
kernel-debug-modules
5.14.0-503.26.1.el9_5
kernel-debug-modules-core
5.14.0-503.26.1.el9_5
kernel-debug-modules-extra
5.14.0-503.26.1.el9_5
kernel-debug-uki-virt
5.14.0-503.26.1.el9_5
kernel-modules
5.14.0-503.26.1.el9_5
kernel-modules-core
5.14.0-503.26.1.el9_5
kernel-modules-extra
5.14.0-503.26.1.el9_5
kernel-tools
5.14.0-503.26.1.el9_5
kernel-tools-libs
5.14.0-503.26.1.el9_5
kernel-uki-virt
5.14.0-503.26.1.el9_5
kernel-uki-virt-addons
5.14.0-503.26.1.el9_5
python3-perf
5.14.0-503.26.1.el9_5
kernel-debug-devel
5.14.0-503.26.1.el9_5
kernel-debug-devel-matched
5.14.0-503.26.1.el9_5
kernel-devel
5.14.0-503.26.1.el9_5
kernel-devel-matched
5.14.0-503.26.1.el9_5
kernel-doc
5.14.0-503.26.1.el9_5
kernel-headers
5.14.0-503.26.1.el9_5
perf
5.14.0-503.26.1.el9_5
rtla
5.14.0-503.26.1.el9_5
rv
5.14.0-503.26.1.el9_5
kernel-cross-headers
5.14.0-503.26.1.el9_5
kernel-tools-libs-devel
5.14.0-503.26.1.el9_5
libperf
5.14.0-503.26.1.el9_5
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : dentry_name+0xd8/0x224 lr : pointer+0x22c/0x370 sp : ffff800025f134c0 ...... Call trace: dentry_name+0xd8/0x224 pointer+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprintf+0x2c/0x60 vprintk_store+0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x224 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memory_block_offline+0x44/0xf4 memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... After analyzing the vmcore, I found this issue is caused by page migration. The scenario is that, one thread is doing page migration, and we will use the target ...
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : dentry_name+0xd8/0x224 lr : pointer+0x22c/0x370 sp : ffff800025f134c0 ...... Call trace: dentry_name+0xd8/0x224 pointer+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprintf+0x2c/0x60 vprintk_store+0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x224 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memory_block_offline+0x44/0xf4 memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... After analyzing the vmcore, I found this issue is caused by page migration. The scenario is that, one thread is doing page migration, and we will use the target ...
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : dentry_name+0xd8/0x224 lr : pointer+0x22c/0x370 sp : ffff800025f134c0 ...... Call trace: dentry_name+0xd8/0x224 pointer+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprintf+0x2c/0x60 vprintk_store+0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x224 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memory_block_offline+0x44/0xf4 memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... After analyzing the vmcore, I found this issue is caused by page migration. The scenario is that, one thread is doing page m
In the Linux kernel, the following vulnerability has been resolved: m ...
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : dentry_name+0xd8/0x224 lr : pointer+0x22c/0x370 sp : ffff800025f134c0 ...... Call trace: dentry_name+0xd8/0x224 pointer+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprintf+0x2c/0x60 vprintk_store+0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x224 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memory_block_offline+0x44/0xf4 memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... After analyzing the vmcore, I found this issue is caused by page migration. The scenario is that, one thread is doing pag...