Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-2627

Опубликовано: 11 мар. 2025
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2025-2627: kernel security update (IMPORTANT)

[5.14.0-503.31.1_5.OL9]

  • Disable UKI signing [Orabug: 36571828]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Add Oracle Linux IMA certificates

[5.14.0-503.31.1_5]

  • HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302}
  • x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002]
  • ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799]
  • ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
  • ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197}
  • ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
  • x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170]
  • mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113}
  • can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
  • smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
  • hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
  • dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
  • net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
  • arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
  • net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
  • net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
  • arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
  • arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
  • arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
  • arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
  • arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
  • ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
  • vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
  • x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
  • cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]

[5.14.0-503.30.1_5]

  • can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
  • smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
  • hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
  • dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
  • net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
  • arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
  • net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
  • net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
  • arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
  • arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
  • arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
  • arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
  • arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
  • ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
  • vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
  • x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
  • cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

bpftool

7.4.0-503.31.1.el9_5

kernel-tools

5.14.0-503.31.1.el9_5

kernel-cross-headers

5.14.0-503.31.1.el9_5

kernel-tools-libs-devel

5.14.0-503.31.1.el9_5

kernel-tools-libs

5.14.0-503.31.1.el9_5

python3-perf

5.14.0-503.31.1.el9_5

kernel-headers

5.14.0-503.31.1.el9_5

perf

5.14.0-503.31.1.el9_5

rtla

5.14.0-503.31.1.el9_5

rv

5.14.0-503.31.1.el9_5

Oracle Linux x86_64

bpftool

7.4.0-503.31.1.el9_5

kernel

5.14.0-503.31.1.el9_5

kernel-abi-stablelists

5.14.0-503.31.1.el9_5

kernel-core

5.14.0-503.31.1.el9_5

kernel-debug

5.14.0-503.31.1.el9_5

kernel-debug-core

5.14.0-503.31.1.el9_5

kernel-debug-modules

5.14.0-503.31.1.el9_5

kernel-debug-modules-core

5.14.0-503.31.1.el9_5

kernel-debug-modules-extra

5.14.0-503.31.1.el9_5

kernel-debug-uki-virt

5.14.0-503.31.1.el9_5

kernel-modules

5.14.0-503.31.1.el9_5

kernel-modules-core

5.14.0-503.31.1.el9_5

kernel-modules-extra

5.14.0-503.31.1.el9_5

kernel-tools

5.14.0-503.31.1.el9_5

kernel-tools-libs

5.14.0-503.31.1.el9_5

kernel-uki-virt

5.14.0-503.31.1.el9_5

kernel-uki-virt-addons

5.14.0-503.31.1.el9_5

python3-perf

5.14.0-503.31.1.el9_5

kernel-debug-devel

5.14.0-503.31.1.el9_5

kernel-debug-devel-matched

5.14.0-503.31.1.el9_5

kernel-devel

5.14.0-503.31.1.el9_5

kernel-devel-matched

5.14.0-503.31.1.el9_5

kernel-doc

5.14.0-503.31.1.el9_5

kernel-headers

5.14.0-503.31.1.el9_5

perf

5.14.0-503.31.1.el9_5

rtla

5.14.0-503.31.1.el9_5

rv

5.14.0-503.31.1.el9_5

kernel-cross-headers

5.14.0-503.31.1.el9_5

kernel-tools-libs-devel

5.14.0-503.31.1.el9_5

libperf

5.14.0-503.31.1.el9_5

Связанные CVE

CVE-2024-50264
CVE-2023-52922
CVE-2024-53113
CVE-2024-50302
CVE-2023-52605
CVE-2024-53197

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2025-2501

oracle-oval
3 месяца назад

ELSA-2025-2501: kernel security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2024:4346-1

suse-cvrf
6 месяцев назад

Security update for the Linux Kernel

ubuntu логотип

CVE-2024-50264

CVSS3: 7.8
ubuntu
7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

redhat логотип

CVE-2024-50264

CVSS3: 6
redhat
7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

nvd логотип

CVE-2024-50264

CVSS3: 7.8
nvd
7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

Уязвимость ELSA-2025-2627