Описание
ELSA-2025-21917: kernel security update (MODERATE)
[4.18.0-553.85.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.85.1]
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123799]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123799] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123799] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123799] {CVE-2025-39970}
- i40e: Fix filter input checks to prevent config with invalid values (Michal Schmidt) [RHEL-123799]
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123799] {CVE-2025-39971}
- i40e: fix: remove needless retries of NVM update (Michal Schmidt) [RHEL-123799]
- i40e: remove i40e_status (Michal Schmidt) [RHEL-123799]
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123799] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123799] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Michal Schmidt) [RHEL-123799]
- drm/nouveau: Don't create connectors that aren't in disp.conn_mask (Lyude Paul) [RHEL-22122]
- NFS: Fix a race when updating an existing write (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
- nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
- The rpminspect.yaml emptyrpm list needs to be expanded (Alexandra Hajkova)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-tools-libs-devel
4.18.0-553.85.1.el8_10
bpftool
4.18.0-553.85.1.el8_10
kernel-cross-headers
4.18.0-553.85.1.el8_10
kernel-headers
4.18.0-553.85.1.el8_10
kernel-tools
4.18.0-553.85.1.el8_10
kernel-tools-libs
4.18.0-553.85.1.el8_10
perf
4.18.0-553.85.1.el8_10
python3-perf
4.18.0-553.85.1.el8_10
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.85.1.el8_10
kernel-headers
4.18.0-553.85.1.el8_10
bpftool
4.18.0-553.85.1.el8_10
kernel
4.18.0-553.85.1.el8_10
kernel-abi-stablelists
4.18.0-553.85.1.el8_10
kernel-core
4.18.0-553.85.1.el8_10
kernel-cross-headers
4.18.0-553.85.1.el8_10
kernel-debug
4.18.0-553.85.1.el8_10
kernel-debug-core
4.18.0-553.85.1.el8_10
kernel-debug-devel
4.18.0-553.85.1.el8_10
kernel-debug-modules
4.18.0-553.85.1.el8_10
kernel-debug-modules-extra
4.18.0-553.85.1.el8_10
kernel-devel
4.18.0-553.85.1.el8_10
kernel-doc
4.18.0-553.85.1.el8_10
kernel-modules
4.18.0-553.85.1.el8_10
kernel-modules-extra
4.18.0-553.85.1.el8_10
kernel-tools
4.18.0-553.85.1.el8_10
kernel-tools-libs
4.18.0-553.85.1.el8_10
perf
4.18.0-553.85.1.el8_10
python3-perf
4.18.0-553.85.1.el8_10
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
