ELSA-2025-19105

Опубликовано: 28 окт. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-19105: kernel security update (MODERATE)

[5.14.0-570.58.1.0.1]

nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.58.1]

pstore/ram: Check start of empty przs during init (CKI Backport Bot) [RHEL-122067] {CVE-2023-53331}
vsock/virtio: Validate length in packet header before skb_put() (Jon Maloy) [RHEL-114299] {CVE-2025-39718}

[5.14.0-570.57.1]

NFSv4/flexfiles: Fix layout merge mirror check. (Benjamin Coddington) [RHEL-118731]
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CKI Backport Bot) [RHEL-113610] {CVE-2025-39730}

[5.14.0-570.56.1]

NFS: Return the file btime in the statx results when appropriate (Benjamin Coddington) [RHEL-111706]
nfs: Add timecreate to nfs inode (Benjamin Coddington) [RHEL-111706]
Expand the type of nfs_fattr->valid (Benjamin Coddington) [RHEL-111706]
smb: client: fix wrong index reference in smb2_compound_op() (Paulo Alcantara) [RHEL-117879]
smb: client: handle unlink(2) of files open by different clients (Paulo Alcantara) [RHEL-117879]
smb: client: fix file open check in __cifs_unlink() (Paulo Alcantara) [RHEL-117879]
smb: client: fix filename matching of deferred files (Paulo Alcantara) [RHEL-117879]
smb: client: fix data loss due to broken rename(2) (Paulo Alcantara) [RHEL-117879]
smb: client: fix compound alignment with encryption (Paulo Alcantara) [RHEL-117879]
fs/smb: Fix inconsistent refcnt update (Paulo Alcantara) [RHEL-117879] {CVE-2025-39819}
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot) [RHEL-114848] {CVE-2025-39751}
NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (Benjamin Coddington) [RHEL-116232]
xfs: make sure sb_fdblocks is non-negative (CKI Backport Bot) [RHEL-114540]
block: fix adding folio to bio (Ming Lei) [RHEL-96789]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

kernel-cross-headers

5.14.0-570.58.1.0.1.el9_6

kernel-tools-libs-devel

5.14.0-570.58.1.0.1.el9_6

libperf

5.14.0-570.58.1.0.1.el9_6

kernel-tools

5.14.0-570.58.1.0.1.el9_6

kernel-tools-libs

5.14.0-570.58.1.0.1.el9_6

kernel-headers

5.14.0-570.58.1.0.1.el9_6

perf

5.14.0-570.58.1.0.1.el9_6

python3-perf

5.14.0-570.58.1.0.1.el9_6

rtla

5.14.0-570.58.1.0.1.el9_6

Oracle Linux x86_64

kernel

5.14.0-570.58.1.0.1.el9_6

kernel-abi-stablelists

5.14.0-570.58.1.0.1.el9_6

kernel-core

5.14.0-570.58.1.0.1.el9_6

kernel-debug

5.14.0-570.58.1.0.1.el9_6

kernel-debug-core

5.14.0-570.58.1.0.1.el9_6

kernel-debug-modules

5.14.0-570.58.1.0.1.el9_6

kernel-debug-modules-core

5.14.0-570.58.1.0.1.el9_6

kernel-debug-modules-extra

5.14.0-570.58.1.0.1.el9_6

kernel-debug-uki-virt

5.14.0-570.58.1.0.1.el9_6

kernel-modules

5.14.0-570.58.1.0.1.el9_6

kernel-modules-core

5.14.0-570.58.1.0.1.el9_6

kernel-modules-extra

5.14.0-570.58.1.0.1.el9_6

kernel-tools

5.14.0-570.58.1.0.1.el9_6

kernel-tools-libs

5.14.0-570.58.1.0.1.el9_6

kernel-uki-virt

5.14.0-570.58.1.0.1.el9_6

kernel-uki-virt-addons

5.14.0-570.58.1.0.1.el9_6

kernel-debug-devel

5.14.0-570.58.1.0.1.el9_6

kernel-debug-devel-matched

5.14.0-570.58.1.0.1.el9_6

kernel-devel

5.14.0-570.58.1.0.1.el9_6

kernel-devel-matched

5.14.0-570.58.1.0.1.el9_6

kernel-doc

5.14.0-570.58.1.0.1.el9_6

kernel-headers

5.14.0-570.58.1.0.1.el9_6

perf

5.14.0-570.58.1.0.1.el9_6

python3-perf

5.14.0-570.58.1.0.1.el9_6

rtla

5.14.0-570.58.1.0.1.el9_6

kernel-cross-headers

5.14.0-570.58.1.0.1.el9_6

kernel-tools-libs-devel

5.14.0-570.58.1.0.1.el9_6

libperf

5.14.0-570.58.1.0.1.el9_6

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2023-53331

ubuntu

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to: sysdump_panic_event+0x3b4/0x5b8 atomic_notifier_call_chain+0x54/0x90 panic+0x1c8/0x42c die+0x29c/0x2a8 die_kernel_fault+0x68/0x78 __do_kernel_fault+0x1c4/0x1e0 do_bad_area+0x40/0x100 do_translation_fault+0x68/0x80 do_mem_abort+0x68/0xf8 el1_da+0x1c/0xc0 __raw_writeb+0x38/0x174 __memcpy_toio+0x40/0xac persistent_ram_update+0x44/0x12c persistent_ram_write+0x1a8/0x1b8 ramoops_pstore_write+0x198/0x1e8 pstore_console_write+0x94/0xe0 ... To avoid this, also check if the prz start is 0 during the initialization phase. If not, the next prz sanit...

CVE-2023-53331

CVSS3: 7

redhat

около 2 месяцев назад

CVE-2023-53331

nvd

около 2 месяцев назад

CVE-2023-53331

debian

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: p ...

ELSA-2025-19106

oracle-oval

8 дней назад

ELSA-2025-19106: kernel security update (MODERATE)