ELSA-2025-25754

Опубликовано: 09 нояб. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Платформа: Oracle Linux 9

Описание

ELSA-2025-25754: Unbreakable Enterprise kernel security update (IMPORTANT)

[6.12.0-105.51.5]

RDMA/mlx5: Fix vport loopback forcing for MPV device (Patrisious Haddad) [Orabug: 38226124]
arm64: Utilize for_each_cpu_wrap for reference lookup (Beata Michalska) [Orabug: 38454705]
arm64: Update AMU-based freq scale factor on entering idle (Beata Michalska) [Orabug: 38454705]
arm64: Provide an AMU-based version of arch_freq_get_on_cpu (Beata Michalska) [Orabug: 38454705]
cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (Beata Michalska) [Orabug: 38454705]
cpufreq: Allow arch_freq_get_on_cpu to return an error (Beata Michalska) [Orabug: 38454705]
arch_topology: init capacity_freq_ref to 0 (Ionela Voinescu) [Orabug: 38454705]
ACPI/HMAT: Move HMAT messages to pr_debug() (Dan Williams) [Orabug: 38454705]
perf: arm_cspmu: nvidia: monitor all ports by default (Besar Wicaksono) [Orabug: 38454705]
perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (Besar Wicaksono) [Orabug: 38454705]
perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (Besar Wicaksono) [Orabug: 38454705]
perf: arm_cspmu: nvidia: remove unsupported SCF events (Besar Wicaksono) [Orabug: 38454705]
cppc_cpufreq: Remove HiSilicon CPPC workaround (Jie Zhan) [Orabug: 38454705]
Revert 'sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails' (Joseph Salisbury) [Orabug: 38498945]
uek-rpm/config-aarch64: Enable configs for Grace platform support (Vijay Kumar) [Orabug: 38526374]
LTS version: v6.12.51 (Jack Vogel)
ASoC: qcom: audioreach: fix potential null pointer dereference (Srinivas Kandagatla)
wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (Matvey Kovalev)
mm: swap: check for stable address space before operating on the VMA (Charan Teja Kalla)
media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo)
media: rc: fix races with imon_disconnect() (Larshin Sergey)
media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou)
media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou)
scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran)
gcc-plugins: Remove TODO_verify_il for GCC >= 16 (Kees Cook)
crypto: sha256 - fix crash at kexec (Breno Leitao)
LTS version v6.12.50 (Jack Vogel)
drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
Revert 'usb: xhci: remove option to change a default ring's TRB cycle bit' (Niklas Neronin)
iommufd: Fix race during abort for file descriptors (Jason Gunthorpe)
fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda)
mm/hugetlb: fix folio is still mapped when deleted (Jinjiang Tu)
kmsan: fix out-of-bounds access to shadow memory (Eric Biggers)
gpiolib: Extend software-node support to support secondary software-nodes (Hans de Goede)
fs/proc/task_mmu: check p->vec_buf for NULL (Jakub Acs)
afs: Fix potential null pointer dereference in afs_put_server (Zhen Ni)
drm/ast: Use msleep instead of mdelay for edid read (Nirmoy Das)
arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports (Josua Mayer)
arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (Josua Mayer)
ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address (Nobuhiro Iwamatsu)
tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu (Google))
crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers)
i40e: improve VF MAC filters accounting (Lukasz Czapnik)
i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
i40e: add max boundary check for VF filters (Lukasz Czapnik)
i40e: fix validation of VF state in get resources (Lukasz Czapnik)
i40e: fix input validation logic for action_meta (Lukasz Czapnik)
i40e: fix idx validation in config queues msg (Lukasz Czapnik)
i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik)
i40e: add validation for ring_len param (Lukasz Czapnik)
HID: asus: add support for missing PX series fn keys (Amit Chaudhari)
smb: client: fix wrong index reference in smb2_compound_op() (Sang-Heon Jeon)
platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (Daniel Lee)
drm/panthor: Defer scheduler entitiy destruction to queue release (Adrian Larumbe)
futex: Prevent use-after-free during requeue-PI (Sebastian Andrzej Siewior)
drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita)
mm: folio_may_be_lru_cached() unless folio_test_large() (Hugh Dickins)
mm: revert 'mm/gup: clear the LRU flag of a page before adding to LRU batch' (Hugh Dickins)
mm/gup: local lru_add_drain() to avoid lru_add_drain_all() (Hugh Dickins)
octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (Dan Carpenter)
net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel)
net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS (Jason Baron)
bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
vhost: Take a reference on the task in struct vhost_task. (Sebastian Andrzej Siewior)
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (Luiz Augusto von Dentz)
Bluetooth: hci_sync: Fix hci_resume_advertising_sync (Luiz Augusto von Dentz)
ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
net/smc: fix warning in smc_rx_splice() when calling get_page() (Sidraya Jayagond)
net: tun: Update napi->skb after XDP process (Wang Liang)
can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean)
can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (Sabrina Dubroca)
bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
wifi: virt_wifi: Fix page fault on connect (James Guan)
btrfs: don't allow adding block device of less than 1 MB (Mark Harmstone)
bpf: Check the helper function is valid in get_helper_proto (Jiri Olsa)
smb: server: use disable_work_sync in transport_rdma.c (Stefan Metzmacher)
smb: server: don't use delayed_work for post_recv_credits_work (Stefan Metzmacher)
cpufreq: Initialize cpufreq-based invariance before subsys (Christian Loehle)
ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients (Jihed Chaibi)
arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
firmware: imx: Add stub functions for SCMI MISC API (Peng Fan)
HID: amd_sfh: Add sync across amd sfh work functions (Basavaraj Natikar)
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
net: sfp: add quirk for FLYPRO copper SFP+ module (Aleksander Jan Bajkowski)
ALSA: usb-audio: Add mute TLV for playback volumes on more devices (qaqland)
ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (Cryolitia PukNgae)
ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (noble.yang)
i2c: designware: Add quirk for Intel Xe (Heikki Krogerus)
mmc: sdhci-cadence: add Mobileye eyeQ support (Benoit Monin)
net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick (Chris Morgan)
net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info (Marc Kleine-Budde)
usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (Stefan Binding)
ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
ALSA: usb-audio: Fix code alignment in mixer_quirks (Cristian Ciocaltea)
firewire: core: fix overlooked update of subsystem ABI version (Takashi Sakamoto)
scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE (Alok Tiwari)

[6.12.0-105.49.4]

fs/dax: don't disassociate zero page entries (Alistair Popple) [Orabug: 36859857]
device/dax: properly refcount device dax pages when mapping (Alistair Popple) [Orabug: 36859857]
fs/dax: properly refcount fs dax pages (Alistair Popple) [Orabug: 36859857]
fs/dax: Fix 'don't skip locked entries when scanning entries' (Alistair Popple) [Orabug: 36859857]
mm: decline to manipulate the refcount on a slab page (Matthew Wilcox (Oracle)) [Orabug: 36859857]
dcssblk: mark DAX broken, remove FS_DAX_LIMITED support (Dan Williams) [Orabug: 36859857]
mm/gup: don't allow FOLL_LONGTERM pinning of FS DAX pages (Alistair Popple) [Orabug: 36859857]
mm/huge_memory: add vmf_insert_folio_pmd() (Alistair Popple) [Orabug: 36859857]
mm/huge_memory: add vmf_insert_folio_pud() (Alistair Popple) [Orabug: 36859857]
mm/rmap: add support for PUD sized mappings to rmap (Alistair Popple) [Orabug: 36859857]
mm/memory: add vmf_insert_page_mkwrite() (Alistair Popple) [Orabug: 36859857]
mm/memory: enhance insert_page_into_pte_locked() to create writable mappings (Alistair Popple) [Orabug: 36859857]
mm: allow compound zone device pages (Alistair Popple) [Orabug: 36859857]
mm/mm_init: move p2pdma page refcount initialisation to p2pdma (Alistair Popple) [Orabug: 36859857]
mm/gup: remove redundant check for PCI P2PDMA page (Alistair Popple) [Orabug: 36859857]
fs/dax: remove PAGE_MAPPING_DAX_SHARED mapping flag (Alistair Popple) [Orabug: 36859857]
dax: use folios more widely within DAX (Matthew Wilcox (Oracle)) [Orabug: 36859857]
dax: remove access to page->index (Matthew Wilcox (Oracle)) [Orabug: 36859857]
fs/dax: ensure all pages are idle prior to filesystem unmount (Alistair Popple) [Orabug: 36859857]
fs/dax: always remove DAX page-cache entries when breaking layouts (Alistair Popple) [Orabug: 36859857]
mm: optimize invalidation of shadow entries (Shakeel Butt) [Orabug: 36859857]
mm: optimize truncation of shadow entries (Shakeel Butt) [Orabug: 36859857]
fs/dax: create a common implementation to break DAX layouts (Alistair Popple) [Orabug: 36859857]
fs/dax: refactor wait for dax idle page (Alistair Popple) [Orabug: 36859857]
fs/dax: don't skip locked entries when scanning entries (Alistair Popple) [Orabug: 36859857]
fs/dax: return unmapped busy pages from dax_layout_busy_page_range() (Alistair Popple) [Orabug: 36859857]
uek: kabi: Update check-kabi to support namespace checks (Saeed Mirzamohammadi) [Orabug: 38459242]

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

kernel-uek

6.12.0-105.51.5.el10uek

kernel-uek-core

6.12.0-105.51.5.el10uek

kernel-uek-debug

6.12.0-105.51.5.el10uek

kernel-uek-debug-core

6.12.0-105.51.5.el10uek

kernel-uek-debug-devel

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-core

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-deprecated

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-desktop

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-extra

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-extra-netfilter

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-usb

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-wireless

6.12.0-105.51.5.el10uek

kernel-uek-devel

6.12.0-105.51.5.el10uek

kernel-uek-modules

6.12.0-105.51.5.el10uek

kernel-uek-modules-core

6.12.0-105.51.5.el10uek

kernel-uek-modules-deprecated

6.12.0-105.51.5.el10uek

kernel-uek-modules-desktop

6.12.0-105.51.5.el10uek

kernel-uek-modules-extra

6.12.0-105.51.5.el10uek

kernel-uek-modules-extra-netfilter

6.12.0-105.51.5.el10uek

kernel-uek-modules-usb

6.12.0-105.51.5.el10uek

kernel-uek-modules-wireless

6.12.0-105.51.5.el10uek

kernel-uek-tools

6.12.0-105.51.5.el10uek

kernel-uek64k

6.12.0-105.51.5.el10uek

kernel-uek64k-core

6.12.0-105.51.5.el10uek

kernel-uek64k-devel

6.12.0-105.51.5.el10uek

kernel-uek64k-modules

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-core

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-deprecated

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-desktop

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-extra

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-extra-netfilter

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-usb

6.12.0-105.51.5.el10uek

kernel-uek64k-modules-wireless

6.12.0-105.51.5.el10uek

Oracle Linux x86_64

kernel-uek

6.12.0-105.51.5.el10uek

kernel-uek-core

6.12.0-105.51.5.el10uek

kernel-uek-debug

6.12.0-105.51.5.el10uek

kernel-uek-debug-core

6.12.0-105.51.5.el10uek

kernel-uek-debug-devel

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-core

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-deprecated

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-desktop

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-extra

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-extra-netfilter

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-usb

6.12.0-105.51.5.el10uek

kernel-uek-debug-modules-wireless

6.12.0-105.51.5.el10uek

kernel-uek-devel

6.12.0-105.51.5.el10uek

kernel-uek-doc

6.12.0-105.51.5.el10uek

kernel-uek-modules

6.12.0-105.51.5.el10uek

kernel-uek-modules-core

6.12.0-105.51.5.el10uek

kernel-uek-modules-deprecated

6.12.0-105.51.5.el10uek

kernel-uek-modules-desktop

6.12.0-105.51.5.el10uek

kernel-uek-modules-extra

6.12.0-105.51.5.el10uek

kernel-uek-modules-extra-netfilter

6.12.0-105.51.5.el10uek

kernel-uek-modules-usb

6.12.0-105.51.5.el10uek

kernel-uek-modules-wireless

6.12.0-105.51.5.el10uek

kernel-uek-tools

6.12.0-105.51.5.el10uek

Oracle Linux 9

Oracle Linux aarch64

kernel-uek

6.12.0-105.51.5.el9uek

kernel-uek-core

6.12.0-105.51.5.el9uek

kernel-uek-debug

6.12.0-105.51.5.el9uek

kernel-uek-debug-core

6.12.0-105.51.5.el9uek

kernel-uek-debug-devel

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-core

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-deprecated

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-desktop

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-extra

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-extra-netfilter

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-usb

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-wireless

6.12.0-105.51.5.el9uek

kernel-uek-devel

6.12.0-105.51.5.el9uek

kernel-uek-modules

6.12.0-105.51.5.el9uek

kernel-uek-modules-core

6.12.0-105.51.5.el9uek

kernel-uek-modules-deprecated

6.12.0-105.51.5.el9uek

kernel-uek-modules-desktop

6.12.0-105.51.5.el9uek

kernel-uek-modules-extra

6.12.0-105.51.5.el9uek

kernel-uek-modules-extra-netfilter

6.12.0-105.51.5.el9uek

kernel-uek-modules-usb

6.12.0-105.51.5.el9uek

kernel-uek-modules-wireless

6.12.0-105.51.5.el9uek

kernel-uek-tools

6.12.0-105.51.5.el9uek

kernel-uek64k

6.12.0-105.51.5.el9uek

kernel-uek64k-core

6.12.0-105.51.5.el9uek

kernel-uek64k-devel

6.12.0-105.51.5.el9uek

kernel-uek64k-modules

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-core

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-deprecated

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-desktop

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-extra

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-extra-netfilter

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-usb

6.12.0-105.51.5.el9uek

kernel-uek64k-modules-wireless

6.12.0-105.51.5.el9uek

Oracle Linux x86_64

kernel-uek

6.12.0-105.51.5.el9uek

kernel-uek-core

6.12.0-105.51.5.el9uek

kernel-uek-debug

6.12.0-105.51.5.el9uek

kernel-uek-debug-core

6.12.0-105.51.5.el9uek

kernel-uek-debug-devel

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-core

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-deprecated

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-desktop

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-extra

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-extra-netfilter

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-usb

6.12.0-105.51.5.el9uek

kernel-uek-debug-modules-wireless

6.12.0-105.51.5.el9uek

kernel-uek-devel

6.12.0-105.51.5.el9uek

kernel-uek-doc

6.12.0-105.51.5.el9uek

kernel-uek-modules

6.12.0-105.51.5.el9uek

kernel-uek-modules-core

6.12.0-105.51.5.el9uek

kernel-uek-modules-deprecated

6.12.0-105.51.5.el9uek

kernel-uek-modules-desktop

6.12.0-105.51.5.el9uek

kernel-uek-modules-extra

6.12.0-105.51.5.el9uek

kernel-uek-modules-extra-netfilter

6.12.0-105.51.5.el9uek

kernel-uek-modules-usb

6.12.0-105.51.5.el9uek

kernel-uek-modules-wireless

6.12.0-105.51.5.el9uek

kernel-uek-tools

6.12.0-105.51.5.el9uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2025-22103

CVSS3: 5.5

ubuntu

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 This is because l3mdev_l3_rcv() visit dev->l3mdev_ops after ipvlan_l3s_unregister() assign the dev->l3mdev_ops to NULL. The process like this: (CPU1) | (CPU2) l3mdev_l3_rcv() | check dev->priv_flags: | master = skb->dev; | | | ipvlan_l3s_unregister() | set dev->priv_flags | dev->l3mdev_ops = NULL; | visit master->l3mdev_ops | To avoid this by do not set dev->l3mdev_ops when unregister l3s ipvlan.