ELSA-2025-4341

Описание

[5.14.0-503.40.1_5.OL9]

• Disable UKI signing [Orabug: 36571828]
• Update Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
• Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
• Add Oracle Linux IMA certificates

[5.14.0-503.40.1_5]

• nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-87479] {CVE-2025-21927}
• ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-75438] {CVE-2024-42322}
• bonding: fix null pointer deref in bond_ipsec_offload_ok (CKI Backport Bot) [RHEL-75453] {CVE-2024-44990}
• smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85523]
• bonding: Correctly support GSO ESP offload (CKI Backport Bot) [RHEL-73403]
• team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73403]
• team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73403]
• team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
• team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73403]
• bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
• bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73403]
• net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73403]
• bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73403]
• net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73403]
• netfilter: br_netfilter: fix panic with metadata_dst skb (Ivan Vecera) [RHEL-71956]
• bridge: mcast: Fail MDB get request on empty entry (Ivan Vecera) [RHEL-71956]
• net: stmmac: dwmac-tegra: Fix link bring-up sequence (Jose Ignacio Tornos Martinez) [RHEL-73478]
• kobject_uevent: Fix OOB access within zap_modalias_env() (CKI KWF BOT) [RHEL-75435] {CVE-2024-42292}

[5.14.0-503.39.1_5]

• igb: cope with large MAX_SKB_FRAGS (Corinna Vinschen) [RHEL-75552]
• x86/sev: Ensure that RMP table fixups are reserved (Bandan Das) [RHEL-84716]
• ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-75456] {CVE-2024-46826}
• smb: client: fix double put of @cfile in smb2_set_path_size() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46796}
• smb: client: fix double put of @cfile in smb2_rename_path() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46736}
• smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp (Paulo Alcantara) [RHEL-79342]