Описание
ELSA-2025-20371: Unbreakable Enterprise kernel security update (IMPORTANT)
[6.12.0-100.28.2.el10uek]
- sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash (Omar Sandoval)
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967533]
- Revert 'block: sysfs option to change ioticks granularity' (Gulam Mohamed) [Orabug: 37921776]
- RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37968545]
[6.12.0-100.28.1.el10uek]
- KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command (Michael Roth) [Orabug: 37894105]
- KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching (Michael Roth) [Orabug: 37894105]
- Revert 'KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching' (Liam Merwick) [Orabug: 37894105]
- uek-rpm: Enable SECURITY_DMESG_RESTRICT in UEK8 (Harshit Mogalapalli) [Orabug: 37867042]
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
kernel-uek
6.12.0-100.28.2.el10uek
kernel-uek-core
6.12.0-100.28.2.el10uek
kernel-uek-debug
6.12.0-100.28.2.el10uek
kernel-uek-debug-core
6.12.0-100.28.2.el10uek
kernel-uek-debug-devel
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-core
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-desktop
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-extra
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-usb
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-wireless
6.12.0-100.28.2.el10uek
kernel-uek-devel
6.12.0-100.28.2.el10uek
kernel-uek-modules
6.12.0-100.28.2.el10uek
kernel-uek-modules-core
6.12.0-100.28.2.el10uek
kernel-uek-modules-deprecated
6.12.0-100.28.2.el10uek
kernel-uek-modules-desktop
6.12.0-100.28.2.el10uek
kernel-uek-modules-extra
6.12.0-100.28.2.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-100.28.2.el10uek
kernel-uek-modules-usb
6.12.0-100.28.2.el10uek
kernel-uek-modules-wireless
6.12.0-100.28.2.el10uek
kernel-uek-tools
6.12.0-100.28.2.el10uek
kernel-uek64k
6.12.0-100.28.2.el10uek
kernel-uek64k-core
6.12.0-100.28.2.el10uek
kernel-uek64k-devel
6.12.0-100.28.2.el10uek
kernel-uek64k-modules
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-core
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-deprecated
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-desktop
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-extra
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-extra-netfilter
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-usb
6.12.0-100.28.2.el10uek
kernel-uek64k-modules-wireless
6.12.0-100.28.2.el10uek
Oracle Linux x86_64
kernel-uek
6.12.0-100.28.2.el10uek
kernel-uek-core
6.12.0-100.28.2.el10uek
kernel-uek-debug
6.12.0-100.28.2.el10uek
kernel-uek-debug-core
6.12.0-100.28.2.el10uek
kernel-uek-debug-devel
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-core
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-desktop
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-extra
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-usb
6.12.0-100.28.2.el10uek
kernel-uek-debug-modules-wireless
6.12.0-100.28.2.el10uek
kernel-uek-devel
6.12.0-100.28.2.el10uek
kernel-uek-doc
6.12.0-100.28.2.el10uek
kernel-uek-modules
6.12.0-100.28.2.el10uek
kernel-uek-modules-core
6.12.0-100.28.2.el10uek
kernel-uek-modules-deprecated
6.12.0-100.28.2.el10uek
kernel-uek-modules-desktop
6.12.0-100.28.2.el10uek
kernel-uek-modules-extra
6.12.0-100.28.2.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-100.28.2.el10uek
kernel-uek-modules-usb
6.12.0-100.28.2.el10uek
kernel-uek-modules-wireless
6.12.0-100.28.2.el10uek
kernel-uek-tools
6.12.0-100.28.2.el10uek
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. The offending case is when dequeue_entities() is called to dequeue a delayed group entity, and then the entity's parent's dequeue is delayed. In that case: 1. In the if (entity_is_task(se)) else block at the beginning of dequeue_entities(), slice is set to cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX. 2. The first for_each_sched_entity() loop dequeues the entity. 3. If the entity was its parent's only child, then the next iteration tries to dequeue the parent. 4. If the parent's dequeue needs to be delayed, then it breaks from the first for_each_sched_entity() loop _without updating slice_. 5. The second for_each_sched_entity() loop...
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. The offending case is when dequeue_entities() is called to dequeue a delayed group entity, and then the entity's parent's dequeue is delayed. In that case: 1. In the if (entity_is_task(se)) else block at the beginning of dequeue_entities(), slice is set to cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX. 2. The first for_each_sched_entity() loop dequeues the entity. 3. If the entity was its parent's only child, then the next iteration tries to dequeue the parent. 4. If the parent's dequeue needs to be delayed, then it breaks from the first for_each_sched_entity() loop _without updating slice_. 5. The second for_each_sched_entity() loop set...
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. The offending case is when dequeue_entities() is called to dequeue a delayed group entity, and then the entity's parent's dequeue is delayed. In that case: 1. In the if (entity_is_task(se)) else block at the beginning of dequeue_entities(), slice is set to cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX. 2. The first for_each_sched_entity() loop dequeues the entity. 3. If the entity was its parent's only child, then the next iteration tries to dequeue the parent. 4. If the parent's dequeue needs to be delayed, then it breaks from the first for_each_sched_entity() loop _without updating slice_. 5. The second for_each_sched_e
In the Linux kernel, the following vulnerability has been resolved: s ...
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. The offending case is when dequeue_entities() is called to dequeue a delayed group entity, and then the entity's parent's dequeue is delayed. In that case: 1. In the if (entity_is_task(se)) else block at the beginning of dequeue_entities(), slice is set to cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX. 2. The first for_each_sched_entity() loop dequeues the entity. 3. If the entity was its parent's only child, then the next iteration tries to dequeue the parent. 4. If the parent's dequeue needs to be delayed, then it breaks from the first for_each_sched_entity() loop _without updating slice_. 5. The second for_each_sche...