Description
ELSA-2025-22395: kernel security update (MODERATE)
[6.12.0-124.16.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
- Clean git history at setup stage
[6.12.0-124.16.1]
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Xin Long) [RHEL-125759]
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CKI Backport Bot) [RHEL-119161] {CVE-2025-39883}
[6.12.0-124.15.1]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125623] {CVE-2025-38724}
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123070]
- wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123070]
- wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123070] {CVE-2025-39918}
[6.12.0-124.14.1]
- ublk: make sure ubq->canceling is set when queue is frozen (Ming Lei) [RHEL-99436] {CVE-2025-22068}
- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123127] {CVE-2025-39898}
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123811]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123811] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123811] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123811] {CVE-2025-39970}
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123811] {CVE-2025-39971}
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123811] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123811] {CVE-2025-39973}
- nvme-multipath: Skip nr_active increments in RETRY disposition (Ewan D. Milne) [RHEL-123689]
Updated packages
Oracle Linux 10
Oracle Linux aarch64
kernel-headers 6.12.0-124.16.1.el10_1
perf 6.12.0-124.16.1.el10_1
python3-perf 6.12.0-124.16.1.el10_1
rtla 6.12.0-124.16.1.el10_1
rv 6.12.0-124.16.1.el10_1
kernel-tools 6.12.0-124.16.1.el10_1
kernel-tools-libs 6.12.0-124.16.1.el10_1
kernel-cross-headers 6.12.0-124.16.1.el10_1
kernel-tools-libs-devel 6.12.0-124.16.1.el10_1
libperf 6.12.0-124.16.1.el10_1
Oracle Linux x86_64
kernel-debug-uki-virt 6.12.0-124.16.1.el10_1
kernel-debug-devel 6.12.0-124.16.1.el10_1
kernel-debug-devel-matched 6.12.0-124.16.1.el10_1
kernel-devel 6.12.0-124.16.1.el10_1
kernel-devel-matched 6.12.0-124.16.1.el10_1
kernel-doc 6.12.0-124.16.1.el10_1
kernel-headers 6.12.0-124.16.1.el10_1
perf 6.12.0-124.16.1.el10_1
python3-perf 6.12.0-124.16.1.el10_1
rtla 6.12.0-124.16.1.el10_1
rv 6.12.0-124.16.1.el10_1
kernel 6.12.0-124.16.1.el10_1
kernel-abi-stablelists 6.12.0-124.16.1.el10_1
kernel-core 6.12.0-124.16.1.el10_1
kernel-debug 6.12.0-124.16.1.el10_1
kernel-debug-core 6.12.0-124.16.1.el10_1
kernel-debug-modules 6.12.0-124.16.1.el10_1
kernel-debug-modules-core 6.12.0-124.16.1.el10_1
kernel-debug-modules-extra 6.12.0-124.16.1.el10_1
kernel-modules 6.12.0-124.16.1.el10_1
kernel-modules-core 6.12.0-124.16.1.el10_1
kernel-modules-extra 6.12.0-124.16.1.el10_1
kernel-modules-extra-matched 6.12.0-124.16.1.el10_1
kernel-tools 6.12.0-124.16.1.el10_1
kernel-tools-libs 6.12.0-124.16.1.el10_1
kernel-uki-virt 6.12.0-124.16.1.el10_1
kernel-uki-virt-addons 6.12.0-124.16.1.el10_1
kernel-cross-headers 6.12.0-124.16.1.el10_1
kernel-tools-libs-devel 6.12.0-124.16.1.el10_1
libperf 6.12.0-124.16.1.el10_1
Source references
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

ublk: make sure ubq->canceling is set when queue is frozen

Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task().

Once ubq->canceling is set, the uring_cmd can be done via ublk_cancel_cmd() and io_uring_cmd_done().

So set ubq->canceling when queue is frozen, this way makes sure that the flag can be observed from ublk_queue_rq() reliably, and avoids use-after-free on uring_cmd.
In the Linux kernel, the following vulnerability has been resolved: u ...