Description
ELSA-2025-7423: kernel security update (IMPORTANT)
[5.14.0-570.16.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-570.16.1_6]
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Jared Kangas) [RHEL-88252] {CVE-2024-58007}
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Jared Kangas) [RHEL-88252]
- soc: qcom: Add check devm_kasprintf() returned value (Jared Kangas) [RHEL-88252]
[5.14.0-570.15.1_6]
- ice: ensure periodic output start time is in the future (Petr Oros) [RHEL-86021]
- ice: fix PHY Clock Recovery availability check (Petr Oros) [RHEL-86021]
- ice: Drop auxbus use for PTP to finalize ice_adapter move (Petr Oros) [RHEL-86021]
- ice: Use ice_adapter for PTP shared data instead of auxdev (Petr Oros) [RHEL-86021]
- ice: Initial support for E825C hardware in ice_adapter (Petr Oros) [RHEL-86021]
- ice: Add ice_get_ctrl_ptp() wrapper to simplify the code (Petr Oros) [RHEL-86021]
- ice: Introduce ice_get_phy_model() wrapper (Petr Oros) [RHEL-86021]
- ice: Enable 1PPS out from CGU for E825C products (Petr Oros) [RHEL-86021]
- ice: Read SDP section from NVM for pin definitions (Petr Oros) [RHEL-86021]
- ice: Disable shared pin on E810 on setfunc (Petr Oros) [RHEL-86021]
- ice: Cache perout/extts requests and check flags (Petr Oros) [RHEL-86021]
- ice: Align E810T GPIO to other products (Petr Oros) [RHEL-86021]
- ice: Add SDPs support for E825C (Petr Oros) [RHEL-86021]
- ice: Implement ice_ptp_pin_desc (Petr Oros) [RHEL-86021]
[5.14.0-570.14.1_6]
- smb: client: fix regression with guest option (Paulo Alcantara) [RHEL-83859]
- io_uring/sqpoll: zero sqd->thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633}
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993}
- certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247]
- certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247]
- certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247]
- KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247]
- crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247]
- New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247]
- certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247]
- certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247]
- tpm: Change to kvalloc() in eventlog/acpi.c (Stepan Horacek) [RHEL-82147] {CVE-2024-58005}
[5.14.0-570.13.1_6]
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049]
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942]
- net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942]
- net: mana: cleanup mana struct after debugfs_remove() (Maxim Levitsky) [RHEL-85942]
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942]
- net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942]
- net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942]
- net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942]
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942]
- net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942]
- net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942]
- ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557]
- ice: init flow director before RDMA (Petr Oros) [RHEL-80557]
- ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557]
- ice: enable_rdma devlink param (Petr Oros) [RHEL-80557]
- ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557]
- ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557]
- ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557]
- ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557]
- ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557]
- ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557]
- ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557]
- ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557]
- ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557]
- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524]
- cgroup: Remove steal time from usage_usec (Waiman Long) [RHEL-85398]
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069}
Updated packages
Oracle Linux 9
Oracle Linux aarch64
- kernel-cross-headers 5.14.0-570.16.1.0.1.el9_6
- kernel-tools-libs-devel 5.14.0-570.16.1.0.1.el9_6
- kernel-tools-libs 5.14.0-570.16.1.0.1.el9_6
- kernel-headers 5.14.0-570.16.1.0.1.el9_6
- perf 5.14.0-570.16.1.0.1.el9_6
- rtla 5.14.0-570.16.1.0.1.el9_6
- rv 5.14.0-570.16.1.0.1.el9_6
- kernel-tools 5.14.0-570.16.1.0.1.el9_6
- python3-perf 5.14.0-570.16.1.0.1.el9_6
Oracle Linux x86_64
- kernel-debug-core 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-devel 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-devel-matched 5.14.0-570.16.1.0.1.el9_6
- kernel-devel 5.14.0-570.16.1.0.1.el9_6
- kernel-devel-matched 5.14.0-570.16.1.0.1.el9_6
- kernel-doc 5.14.0-570.16.1.0.1.el9_6
- kernel-headers 5.14.0-570.16.1.0.1.el9_6
- perf 5.14.0-570.16.1.0.1.el9_6
- rtla 5.14.0-570.16.1.0.1.el9_6
- rv 5.14.0-570.16.1.0.1.el9_6
- kernel-cross-headers 5.14.0-570.16.1.0.1.el9_6
- kernel-tools-libs-devel 5.14.0-570.16.1.0.1.el9_6
- libperf 5.14.0-570.16.1.0.1.el9_6
- kernel 5.14.0-570.16.1.0.1.el9_6
- kernel-abi-stablelists 5.14.0-570.16.1.0.1.el9_6
- kernel-core 5.14.0-570.16.1.0.1.el9_6
- kernel-debug 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-modules 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-modules-core 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-modules-extra 5.14.0-570.16.1.0.1.el9_6
- kernel-debug-uki-virt 5.14.0-570.16.1.0.1.el9_6
- kernel-modules 5.14.0-570.16.1.0.1.el9_6
- kernel-modules-core 5.14.0-570.16.1.0.1.el9_6
- kernel-modules-extra 5.14.0-570.16.1.0.1.el9_6
- kernel-tools 5.14.0-570.16.1.0.1.el9_6
- kernel-tools-libs 5.14.0-570.16.1.0.1.el9_6
- kernel-uki-virt 5.14.0-570.16.1.0.1.el9_6
- kernel-uki-virt-addons 5.14.0-570.16.1.0.1.el9_6
- python3-perf 5.14.0-570.16.1.0.1.el9_6
Source references
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:
tpm: Change to kvalloc() in eventlog/acpi.c
The following failure was reported on HPE ProLiant D320:
[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)
[ 10.848132][ T1] ------------[ cut here ]------------
[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330
[ 10.862827][ T1] Modules linked in:
[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375
[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024
[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330
[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f...
In the Linux kernel, the following vulnerability has been resolved: t ...