exploitDog

ELSA-2025-18297

Published: 20 Oct 2025
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2025-18297: kernel security update (MODERATE)

[4.18.0-553.80.1_10.OL8]

  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  • Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.80.1_10]

  • block: remove some blk_mq_hw_ctx debugfs entries (Ricardo Robaina) [RHEL-8816]
  • blk-mq: Remove the hctx 'run' debugfs attribute (Ricardo Robaina) [RHEL-8816]
  • block: remove debugfs blk_mq_ctx dispatched/merged/completed attributes (Ricardo Robaina) [RHEL-8816]
  • ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot) [RHEL-114840] {CVE-2025-39751}
  • crypto: seqiv - Handle EBUSY correctly (CKI Backport Bot) [RHEL-117228] {CVE-2023-53373}
  • ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Jaroslav Kysela) [RHEL-114681] {CVE-2025-38729}
  • ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Jaroslav Kysela) [RHEL-114681]
  • ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Jaroslav Kysela) [RHEL-114681] {CVE-2025-39757}

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • kernel-tools-libs-devel: 4.18.0-553.80.1.el8_10
  • bpftool: 4.18.0-553.80.1.el8_10
  • kernel-cross-headers: 4.18.0-553.80.1.el8_10
  • kernel-headers: 4.18.0-553.80.1.el8_10
  • kernel-tools: 4.18.0-553.80.1.el8_10
  • kernel-tools-libs: 4.18.0-553.80.1.el8_10
  • perf: 4.18.0-553.80.1.el8_10
  • python3-perf: 4.18.0-553.80.1.el8_10

Oracle Linux x86_64

  • kernel-tools-libs-devel: 4.18.0-553.80.1.el8_10
  • bpftool: 4.18.0-553.80.1.el8_10
  • kernel: 4.18.0-553.80.1.el8_10
  • kernel-abi-stablelists: 4.18.0-553.80.1.el8_10
  • kernel-core: 4.18.0-553.80.1.el8_10
  • kernel-cross-headers: 4.18.0-553.80.1.el8_10
  • kernel-debug: 4.18.0-553.80.1.el8_10
  • kernel-debug-core: 4.18.0-553.80.1.el8_10
  • kernel-debug-devel: 4.18.0-553.80.1.el8_10
  • kernel-debug-modules: 4.18.0-553.80.1.el8_10
  • kernel-debug-modules-extra: 4.18.0-553.80.1.el8_10
  • kernel-devel: 4.18.0-553.80.1.el8_10
  • kernel-doc: 4.18.0-553.80.1.el8_10
  • kernel-headers: 4.18.0-553.80.1.el8_10
  • kernel-modules: 4.18.0-553.80.1.el8_10
  • kernel-modules-extra: 4.18.0-553.80.1.el8_10
  • kernel-tools: 4.18.0-553.80.1.el8_10
  • kernel-tools-libs: 4.18.0-553.80.1.el8_10
  • perf: 4.18.0-553.80.1.el8_10
  • python3-perf: 4.18.0-553.80.1.el8_10

Related vulnerabilities

oracle-oval
23 days ago

ELSA-2025-17760: kernel security update (MODERATE)

ubuntu
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Handle EBUSY correctly

As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

CVSS3: 7
redhat
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Handle EBUSY correctly

As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

nvd
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Handle EBUSY correctly

As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

debian
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved: c ...