Description
ELSA-2025-19409: kernel security update (MODERATE)
[5.14.0-570.60.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.60.1]
- ibmveth: Add multi buffers rx replenishment hcall support (Mamatha Inamdar) [RHEL-117437]
- net: ibmveth: Reset the adapter when unexpected states are detected (Mamatha Inamdar) [RHEL-117437]
- crypto: xts - Handle EBUSY correctly (CKI Backport Bot) [RHEL-119235] {CVE-2023-53494}
[5.14.0-570.59.1]
- nvme-tcp: fix premature queue removal and I/O failover (Maurizio Lombardi) [RHEL-105111]
- KVM: arm64: Disable MPAM visibility by default and ignore VMM writes (Gavin Shan) [RHEL-120964]
- KVM: arm64: Add a macro for creating filtered sys_reg_descs entries (Gavin Shan) [RHEL-120964]
- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-118857]
- SUNRPC: Cleanup/fix initial rq_pages allocation (Benjamin Coddington) [RHEL-108160]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CKI Backport Bot) [RHEL-116666] {CVE-2022-50367}
- ipv6: sr: Fix MAC comparison to be constant-time (CKI Backport Bot) [RHEL-116384] {CVE-2025-39702}
Updated packages
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers 5.14.0-570.60.1.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.60.1.0.1.el9_6
libperf 5.14.0-570.60.1.0.1.el9_6
kernel-headers 5.14.0-570.60.1.0.1.el9_6
perf 5.14.0-570.60.1.0.1.el9_6
python3-perf 5.14.0-570.60.1.0.1.el9_6
rtla 5.14.0-570.60.1.0.1.el9_6
rv 5.14.0-570.60.1.0.1.el9_6
kernel-tools 5.14.0-570.60.1.0.1.el9_6
kernel-tools-libs 5.14.0-570.60.1.0.1.el9_6
Oracle Linux x86_64
kernel 5.14.0-570.60.1.0.1.el9_6
kernel-abi-stablelists 5.14.0-570.60.1.0.1.el9_6
kernel-core 5.14.0-570.60.1.0.1.el9_6
kernel-debug 5.14.0-570.60.1.0.1.el9_6
kernel-debug-core 5.14.0-570.60.1.0.1.el9_6
kernel-debug-modules 5.14.0-570.60.1.0.1.el9_6
kernel-debug-modules-core 5.14.0-570.60.1.0.1.el9_6
kernel-debug-modules-extra 5.14.0-570.60.1.0.1.el9_6
kernel-debug-uki-virt 5.14.0-570.60.1.0.1.el9_6
kernel-modules 5.14.0-570.60.1.0.1.el9_6
kernel-modules-core 5.14.0-570.60.1.0.1.el9_6
kernel-modules-extra 5.14.0-570.60.1.0.1.el9_6
kernel-tools 5.14.0-570.60.1.0.1.el9_6
kernel-tools-libs 5.14.0-570.60.1.0.1.el9_6
kernel-uki-virt 5.14.0-570.60.1.0.1.el9_6
kernel-uki-virt-addons 5.14.0-570.60.1.0.1.el9_6
kernel-debug-devel 5.14.0-570.60.1.0.1.el9_6
kernel-debug-devel-matched 5.14.0-570.60.1.0.1.el9_6
kernel-devel 5.14.0-570.60.1.0.1.el9_6
kernel-devel-matched 5.14.0-570.60.1.0.1.el9_6
kernel-doc 5.14.0-570.60.1.0.1.el9_6
kernel-headers 5.14.0-570.60.1.0.1.el9_6
perf 5.14.0-570.60.1.0.1.el9_6
python3-perf 5.14.0-570.60.1.0.1.el9_6
rtla 5.14.0-570.60.1.0.1.el9_6
rv 5.14.0-570.60.1.0.1.el9_6
kernel-cross-headers 5.14.0-570.60.1.0.1.el9_6
kernel-tools-libs-devel 5.14.0-570.60.1.0.1.el9_6
libperf 5.14.0-570.60.1.0.1.el9_6
Related CVEs
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy. In alloc_inode(), inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which leaves inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes (e.g., UAF/GPF). Fix this by moving security_inode_alloc() just prior to this_cpu_inc(nr_inodes).