Description
ELSA-2025-9302: kernel security update (MODERATE)
[5.14.0-570.23.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-570.23.1_6]
- ext4: ignore xattrs past end (CKI Backport Bot) [RHEL-94248] {CVE-2025-37738}
- ibmvnic: Use kernel helpers for hex dumps (CKI Backport Bot) [RHEL-89019] {CVE-2025-22104}
- ice: Avoid setting default Rx VSI twice in switchdev setup (Petr Oros) [RHEL-88310] {CVE-2025-21883}
- ice: Fix deinitializing VF in error path (CKI Backport Bot) [RHEL-88310] {CVE-2025-21883}
- ice: add E830 HW VF mailbox message limit support (CKI Backport Bot) [RHEL-88310] {CVE-2025-21883}
- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CKI Backport Bot) [RHEL-88322] {CVE-2025-21919}
- redhat: configs: Enable CX231XX driver (Kate Hsuan) [RHEL-89730]
- media: usb: usbtv: Stop direct calls to queue num_buffers field (Kate Hsuan) [RHEL-89730]
- media: saa6752hs: Don't set format in sub-device state (Kate Hsuan) [RHEL-89730]
- media: i2c: Use accessors for pad config 'try_*' fields (Kate Hsuan) [RHEL-89730]
- ext4: fix off-by-one error in do_split (CKI Backport Bot) [RHEL-93629] {CVE-2025-23150}
Updated packages
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers  5.14.0-570.23.1.0.1.el9_6
kernel-tools-libs-devel  5.14.0-570.23.1.0.1.el9_6
kernel-headers  5.14.0-570.23.1.0.1.el9_6
perf  5.14.0-570.23.1.0.1.el9_6
rtla  5.14.0-570.23.1.0.1.el9_6
rv  5.14.0-570.23.1.0.1.el9_6
kernel-tools  5.14.0-570.23.1.0.1.el9_6
kernel-tools-libs  5.14.0-570.23.1.0.1.el9_6
python3-perf  5.14.0-570.23.1.0.1.el9_6
Oracle Linux x86_64
kernel  5.14.0-570.23.1.0.1.el9_6
kernel-abi-stablelists  5.14.0-570.23.1.0.1.el9_6
kernel-core  5.14.0-570.23.1.0.1.el9_6
kernel-debug  5.14.0-570.23.1.0.1.el9_6
kernel-debug-core  5.14.0-570.23.1.0.1.el9_6
kernel-debug-modules  5.14.0-570.23.1.0.1.el9_6
kernel-debug-modules-core  5.14.0-570.23.1.0.1.el9_6
kernel-debug-modules-extra  5.14.0-570.23.1.0.1.el9_6
kernel-debug-uki-virt  5.14.0-570.23.1.0.1.el9_6
kernel-modules  5.14.0-570.23.1.0.1.el9_6
kernel-modules-core  5.14.0-570.23.1.0.1.el9_6
kernel-modules-extra  5.14.0-570.23.1.0.1.el9_6
kernel-tools  5.14.0-570.23.1.0.1.el9_6
kernel-tools-libs  5.14.0-570.23.1.0.1.el9_6
kernel-uki-virt  5.14.0-570.23.1.0.1.el9_6
kernel-uki-virt-addons  5.14.0-570.23.1.0.1.el9_6
python3-perf  5.14.0-570.23.1.0.1.el9_6
kernel-debug-devel  5.14.0-570.23.1.0.1.el9_6
kernel-debug-devel-matched  5.14.0-570.23.1.0.1.el9_6
kernel-devel  5.14.0-570.23.1.0.1.el9_6
kernel-devel-matched  5.14.0-570.23.1.0.1.el9_6
kernel-doc  5.14.0-570.23.1.0.1.el9_6
kernel-headers  5.14.0-570.23.1.0.1.el9_6
perf  5.14.0-570.23.1.0.1.el9_6
rtla  5.14.0-570.23.1.0.1.el9_6
rv  5.14.0-570.23.1.0.1.el9_6
kernel-cross-headers  5.14.0-570.23.1.0.1.el9_6
kernel-tools-libs-devel  5.14.0-570.23.1.0.1.el9_6
libperf  5.14.0-570.23.1.0.1.el9_6
Source links
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data.

The issue arises in list_add_leaf_cfs_rq, where both cfs_rq->leaf_cfs_rq_list and rq->leaf_cfs_rq_list are added to the same leaf list. Also, rq->tmp_alone_branch can be set to rq->leaf_cfs_rq_list.

This adds a check `if (prev == &rq->leaf_cfs_rq_list)` after the main conditional in child_cfs_rq_on_list. This ensures that the container_of operation will convert a correct cfs_rq struct. This check is sufficient because only cfs_rqs on the same CPU are added to the list, so ve...
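The head-versus-node confusion described above, modelled in user space as an added example; this is not kernel source. The struct layouts, the `rq` back-pointer, the `tg->parent` comparison, `bogus_tg_offset_in_rq` and `demo` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified user-space model; layouts are constructed, not the kernel's. */
struct list_head { struct list_head *next, *prev; };
struct task_group { struct task_group *parent; };
struct rq {
    struct list_head leaf_cfs_rq_list;   /* list head, lives in struct rq */
    struct list_head *tmp_alone_branch;
};
struct cfs_rq {
    int on_list;
    struct list_head leaf_cfs_rq_list;   /* list node, lives in struct cfs_rq */
    struct task_group *tg;
    struct rq *rq;                       /* assumed back-pointer to the owning rq */
};
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Offset inside struct rq that "->tg" reads if the head is mistaken for a node. */
ptrdiff_t bogus_tg_offset_in_rq(void)
{
    return (ptrdiff_t)offsetof(struct rq, leaf_cfs_rq_list)
         - (ptrdiff_t)offsetof(struct cfs_rq, leaf_cfs_rq_list)
         + (ptrdiff_t)offsetof(struct cfs_rq, tg);
}

/* Guarded lookup: compare prev with the head before calling container_of. */
bool child_cfs_rq_on_list(struct cfs_rq *cfs_rq)
{
    struct rq *rq = cfs_rq->rq;
    struct list_head *prev = cfs_rq->on_list ? cfs_rq->leaf_cfs_rq_list.prev
                                             : rq->tmp_alone_branch;
    if (prev == &rq->leaf_cfs_rq_list)
        return false;                    /* not a cfs_rq: nothing to convert */
    struct cfs_rq *p = container_of(prev, struct cfs_rq, leaf_cfs_rq_list);
    return p->tg->parent == cfs_rq->tg;
}

/* Constructed list: head <-> child <-> parent; "fresh" is not yet linked. */
int demo(void)
{
    struct task_group root = { NULL }, kid = { &root };
    struct rq rq = { .tmp_alone_branch = &rq.leaf_cfs_rq_list };
    struct cfs_rq child  = { 1, { NULL, &rq.leaf_cfs_rq_list }, &kid, &rq };
    struct cfs_rq parent = { 1, { NULL, &child.leaf_cfs_rq_list }, &root, &rq };
    struct cfs_rq fresh  = { 0, { NULL, NULL }, &kid, &rq };
    return child_cfs_rq_on_list(&parent)       /* prev is child's node */
         | child_cfs_rq_on_list(&child) << 1   /* prev is the head */
         | child_cfs_rq_on_list(&fresh) << 2;  /* tmp_alone_branch is the head */
}
```

In this constructed layout the unguarded conversion would read `rq.tmp_alone_branch` as if it were a `tg` pointer, which is the "garbage data" case; with a different field order the same read could land outside the object.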
In the Linux kernel, the following vulnerability has been resolved: s ...