Description
ELSA-2025-8643: kernel security update (IMPORTANT)
[5.14.0-570.21.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.21.1_6]
- xsk: fix an integer overflow in xp_create_and_assign_umem() (CKI Backport Bot) [RHEL-87911] {CVE-2025-21997}
- vlan: enforce underlying device type (Guillaume Nault) [RHEL-87884] {CVE-2025-21920}
- net: fix geneve_opt length integer overflow (Guillaume Nault) [RHEL-87974] {CVE-2025-22055}
- net: gso: fix ownership in __udp_gso_segment (CKI Backport Bot) [RHEL-88333] {CVE-2025-21926}
[5.14.0-570.20.1_6]
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CKI Backport Bot) [RHEL-93253] {CVE-2025-37943}
- ext4: fix OOB read when checking dotdot dir (CKI Backport Bot) [RHEL-87985] {CVE-2025-37785}
Updated packages
Oracle Linux 9
Oracle Linux aarch64
- kernel-cross-headers 5.14.0-570.21.1.0.1.el9_6
- kernel-tools-libs-devel 5.14.0-570.21.1.0.1.el9_6
- kernel-tools 5.14.0-570.21.1.0.1.el9_6
- kernel-tools-libs 5.14.0-570.21.1.0.1.el9_6
- python3-perf 5.14.0-570.21.1.0.1.el9_6
- kernel-headers 5.14.0-570.21.1.0.1.el9_6
- perf 5.14.0-570.21.1.0.1.el9_6
- rtla 5.14.0-570.21.1.0.1.el9_6
- rv 5.14.0-570.21.1.0.1.el9_6
Oracle Linux x86_64
- kernel 5.14.0-570.21.1.0.1.el9_6
- kernel-abi-stablelists 5.14.0-570.21.1.0.1.el9_6
- kernel-core 5.14.0-570.21.1.0.1.el9_6
- kernel-debug 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-core 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-modules 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-modules-core 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-modules-extra 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-uki-virt 5.14.0-570.21.1.0.1.el9_6
- kernel-modules 5.14.0-570.21.1.0.1.el9_6
- kernel-modules-core 5.14.0-570.21.1.0.1.el9_6
- kernel-modules-extra 5.14.0-570.21.1.0.1.el9_6
- kernel-tools 5.14.0-570.21.1.0.1.el9_6
- kernel-tools-libs 5.14.0-570.21.1.0.1.el9_6
- kernel-uki-virt 5.14.0-570.21.1.0.1.el9_6
- kernel-uki-virt-addons 5.14.0-570.21.1.0.1.el9_6
- python3-perf 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-devel 5.14.0-570.21.1.0.1.el9_6
- kernel-debug-devel-matched 5.14.0-570.21.1.0.1.el9_6
- kernel-devel 5.14.0-570.21.1.0.1.el9_6
- kernel-devel-matched 5.14.0-570.21.1.0.1.el9_6
- kernel-doc 5.14.0-570.21.1.0.1.el9_6
- kernel-headers 5.14.0-570.21.1.0.1.el9_6
- perf 5.14.0-570.21.1.0.1.el9_6
- rtla 5.14.0-570.21.1.0.1.el9_6
- rv 5.14.0-570.21.1.0.1.el9_6
- kernel-cross-headers 5.14.0-570.21.1.0.1.el9_6
- kernel-tools-libs-devel 5.14.0-570.21.1.0.1.el9_6
- libperf 5.14.0-570.21.1.0.1.el9_6
Source references
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi

In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption.

Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1