ELSA-2025-19930

Published: 10 Nov 2025
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2025-19930: kernel security update (MODERATE)

[5.14.0-570.62.1.0.1]

  • nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
  • Disable UKI signing [Orabug: 36571828]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Add Oracle Linux IMA certificates
  • Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.62.1]

  • redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86 (Waiman Long) [RHEL-114270]
  • x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
  • randomize_kstack: Remove non-functional per-arch entropy filtering (Waiman Long) [RHEL-114270]
  • redhat/configs: Enable CONFIG_MITIGATION_TSA for x86 (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/process: Move the buffer clearing before MONITOR (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
  • x86/microcode/AMD: Add TSA microcode SHAs (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
  • KVM: SVM: Advertise TSA CPUID bits to guests (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
  • x86/bugs: Add a Transient Scheduler Attacks mitigation (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
  • x86/bugs: Rename MDS machinery to something more generic (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350} (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/idle: Remove .s output beautifying delimiters from simpler asm() templates (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/idle: Standardize argument types for MONITOR{,X} and MWAIT{,X} instruction wrappers on 'u32' (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Rename mmio_stale_data_clear to cpu_buf_vm_clear (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode: Consolidate the loader enablement checking (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2025-22047}
  • x86/microcode/AMD: Add some forgotten models to the SHA check (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Load only SHA256-checksummed patches (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Add get_patch_level() (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpu: Introduce new microcode matching helper (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Remove ret local var in early_apply_microcode() (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Have __apply_microcode_amd() return bool (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Return bool from find_blobs_in_containers() (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Flush patch buffer mapping after application (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/CPU/AMD: Terminate the erratum_1386_microcode array (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-56721}
  • x86/mm: Carve out INVLPG inline asm for use by others (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpu: Fix formatting of cpuid_bits[] in scattered.c (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpufeatures: Add X86_FEATURE_AMD_WORKLOAD_CLASS feature bit (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Split load_microcode_amd() (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Pay attention to the stepping dynamically (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Use code segment selector for VERW operand (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-50072}
  • x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/CPU/AMD: Improve the erratum 1386 workaround (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86: Add a comment about the 'magic' behind shadow sti before mwait (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Revert 'Reverse instruction order of CLEAR_CPU_BUFFERS' (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: KVM: Add support for SRSO_MSR_FIX (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (Waiman Long) [RHEL-83896 RHEL-83905]
  • KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add SRSO_USER_KERNEL_NO support (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Skip RSB fill at VMEXIT (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Fix handling when SRSO mitigation is disabled (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add missing NO_SSB flag (Waiman Long) [RHEL-83896 RHEL-83905]
  • Documentation/srso: Document a method for checking safe RET operates properly (Waiman Long) [RHEL-83896 RHEL-83905]
  • redhat/configs: Add new CONFIG_MITIGATION_* kconfig files (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for GDS (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Remove GDS Force Kconfig option (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for SSB (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for Spectre V2 (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for SRBDS (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for Spectre v1 (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for RETBLEED (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for L1TF (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for MMIO Stable Data (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for TAA (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Add a separate config for MDS (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpufeatures: Flip the /proc/cpuinfo appearance logic (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/bugs: Switch to new Intel CPU model defines (Waiman Long) [RHEL-83896 RHEL-83905]
  • x86/cpu: Use EXPORT_PER_CPU_SYMBOL_GPL() for x86_spec_ctrl_current (Waiman Long) [RHEL-83896 RHEL-83905]
  • docs: move x86 documentation into Documentation/arch/ (Waiman Long) [RHEL-83896 RHEL-83905]
  • cxgb4: Avoid removal of uninserted tid JIRA: https://issues.redhat.com/browse/RHEL-112152 (Jakub Ramaseuski)

[5.14.0-570.61.1]

  • NFS: Extend rdirplus mount option with 'force|none' (CKI Backport Bot) [RHEL-118450]
  • sched: Fix stop_one_cpu_nowait() vs hotplug (Luis Claudio R. Goncalves) [RHEL-116212]
  • s390/hypfs: Enable limited access during lockdown (CKI Backport Bot) [RHEL-114433]
  • s390/hypfs: Avoid unnecessary ioctl registration in debugfs (CKI Backport Bot) [RHEL-114433]
  • debugfs: lockdown: Allow reading debugfs files that are not world readable (Mete Durlu) [RHEL-114433]

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • kernel-cross-headers: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools-libs-devel: 5.14.0-570.62.1.0.1.el9_6
  • libperf: 5.14.0-570.62.1.0.1.el9_6
  • kernel-headers: 5.14.0-570.62.1.0.1.el9_6
  • perf: 5.14.0-570.62.1.0.1.el9_6
  • python3-perf: 5.14.0-570.62.1.0.1.el9_6
  • rtla: 5.14.0-570.62.1.0.1.el9_6
  • rv: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools-libs: 5.14.0-570.62.1.0.1.el9_6

Oracle Linux x86_64

  • kernel-core: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools: 5.14.0-570.62.1.0.1.el9_6
  • kernel-uki-virt-addons: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-devel: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-devel-matched: 5.14.0-570.62.1.0.1.el9_6
  • kernel-devel: 5.14.0-570.62.1.0.1.el9_6
  • kernel-devel-matched: 5.14.0-570.62.1.0.1.el9_6
  • kernel-doc: 5.14.0-570.62.1.0.1.el9_6
  • kernel-headers: 5.14.0-570.62.1.0.1.el9_6
  • perf: 5.14.0-570.62.1.0.1.el9_6
  • python3-perf: 5.14.0-570.62.1.0.1.el9_6
  • rtla: 5.14.0-570.62.1.0.1.el9_6
  • rv: 5.14.0-570.62.1.0.1.el9_6
  • kernel-cross-headers: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools-libs-devel: 5.14.0-570.62.1.0.1.el9_6
  • libperf: 5.14.0-570.62.1.0.1.el9_6
  • kernel: 5.14.0-570.62.1.0.1.el9_6
  • kernel-abi-stablelists: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-core: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-modules: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-modules-core: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-modules-extra: 5.14.0-570.62.1.0.1.el9_6
  • kernel-debug-uki-virt: 5.14.0-570.62.1.0.1.el9_6
  • kernel-modules: 5.14.0-570.62.1.0.1.el9_6
  • kernel-modules-core: 5.14.0-570.62.1.0.1.el9_6
  • kernel-modules-extra: 5.14.0-570.62.1.0.1.el9_6
  • kernel-tools-libs: 5.14.0-570.62.1.0.1.el9_6
  • kernel-uki-virt: 5.14.0-570.62.1.0.1.el9_6

Related vulnerabilities

oracle-oval
6 months ago

ELSA-2025-20405: Unbreakable Enterprise kernel security update (MODERATE)

oracle-oval
6 months ago

ELSA-2025-20404: Unbreakable Enterprise kernel security update (MODERATE)

ubuntu
3 months ago

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize ...

CVSS3: 6.5
redhat
3 months ago

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize ...

nvd
3 months ago

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimiz