Описание
ELSA-2025-17797: kernel security update (MODERATE)
[4.18.0-553.79.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.79.1_10]
- Bluetooth: L2CAP: Fix use-after-free (CKI Backport Bot) [RHEL-116277] {CVE-2023-53305}
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CKI Backport Bot) [RHEL-109748] {CVE-2022-50228}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-tools-libs-devel
4.18.0-553.79.1.el8_10
bpftool
4.18.0-553.79.1.el8_10
kernel-cross-headers
4.18.0-553.79.1.el8_10
kernel-headers
4.18.0-553.79.1.el8_10
kernel-tools
4.18.0-553.79.1.el8_10
kernel-tools-libs
4.18.0-553.79.1.el8_10
perf
4.18.0-553.79.1.el8_10
python3-perf
4.18.0-553.79.1.el8_10
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.79.1.el8_10
bpftool
4.18.0-553.79.1.el8_10
kernel
4.18.0-553.79.1.el8_10
kernel-abi-stablelists
4.18.0-553.79.1.el8_10
kernel-core
4.18.0-553.79.1.el8_10
kernel-cross-headers
4.18.0-553.79.1.el8_10
kernel-debug
4.18.0-553.79.1.el8_10
kernel-debug-core
4.18.0-553.79.1.el8_10
kernel-debug-devel
4.18.0-553.79.1.el8_10
kernel-debug-modules
4.18.0-553.79.1.el8_10
kernel-debug-modules-extra
4.18.0-553.79.1.el8_10
kernel-devel
4.18.0-553.79.1.el8_10
kernel-doc
4.18.0-553.79.1.el8_10
kernel-headers
4.18.0-553.79.1.el8_10
kernel-modules
4.18.0-553.79.1.el8_10
kernel-modules-extra
4.18.0-553.79.1.el8_10
kernel-tools
4.18.0-553.79.1.el8_10
kernel-tools-libs
4.18.0-553.79.1.el8_10
perf
4.18.0-553.79.1.el8_10
python3-perf
4.18.0-553.79.1.el8_10
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct for KVM internally generated injections). kernel BUG at arch/x86/kvm/svm/svm.c:3386! invalid opcode: 0000 [#1] SMP CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd] Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53 RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006 RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0 RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 00000...
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct for KVM internally generated injections). kernel BUG at arch/x86/kvm/svm/svm.c:3386! invalid opcode: 0000 [#1] SMP CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd] Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53 RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006 RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0 RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 00000...
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct for KVM internally generated injections). kernel BUG at arch/x86/kvm/svm/svm.c:3386! invalid opcode: 0000 [#1] SMP CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd] Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53 RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006 RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0 RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000 R10: 0000000000000000 R11: 00000
In the Linux kernel, the following vulnerability has been resolved: K ...