ELSA-2025-9580

Опубликовано: 25 июн. 2025

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2025-9580: kernel security update (MODERATE)

[4.18.0-553.58.1_10.OL8]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.58.1_10]

ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
net: add dev_net_rcu() helper (Xin Long) [RHEL-89535] {CVE-2025-21765}
net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Xin Long) [RHEL-89535]
idpf: check error for register_netdev() on init (Michal Schmidt) [RHEL-71182] {CVE-2025-22116}
idpf: avoid mailbox timeout delays during reset (Michal Schmidt) [RHEL-71182]
idpf: fix a race in txq wakeup (Michal Schmidt) [RHEL-71182]
idpf: fix idpf_vport_splitq_napi_poll() (Michal Schmidt) [RHEL-71182]
idpf: fix null-ptr-deref in idpf_features_check (Michal Schmidt) [RHEL-71182]
idpf: protect shutdown from reset (Michal Schmidt) [RHEL-71182]
idpf: fix potential memory leak on kcalloc() failure (Michal Schmidt) [RHEL-71182]
idpf: fix offloads support for encapsulated packets (Michal Schmidt) [RHEL-71182]
idpf: fix adapter NULL pointer dereference on reboot (Michal Schmidt) [RHEL-71182] {CVE-2025-22065}
idpf: fix checksums set in idpf_rx_rsc() (Michal Schmidt) [RHEL-71182] {CVE-2025-21890}
idpf: fix handling rsc packet with a single segment (Michal Schmidt) [RHEL-71182]
idpf: add more info during virtchnl transaction timeout/salt mismatch (Michal Schmidt) [RHEL-71182]
idpf: convert workqueues to unbound (Michal Schmidt) [RHEL-71182] {CVE-2024-58057}
idpf: Acquire the lock before accessing the xn->salt (Michal Schmidt) [RHEL-71182]
idpf: fix transaction timeouts on reset (Michal Schmidt) [RHEL-71182]
idpf: add read memory barrier when checking descriptor done bit (Michal Schmidt) [RHEL-71182]
idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-71182]
idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-71182]
idpf: call set_real_num_queues in idpf_open (Michal Schmidt) [RHEL-71182 RHEL-90849]
idpf: fix idpf_vc_core_init error path (Michal Schmidt) [RHEL-68233 RHEL-71182 RHEL-90846] {CVE-2024-53064}
idpf: avoid vport access in idpf_get_link_ksettings (Michal Schmidt) [RHEL-71182 RHEL-90846] {CVE-2024-50274}
idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-71182]
idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-71182] {CVE-2024-44932}
idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-71182]
idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-71182] {CVE-2024-44964}
idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-71182]
redhat/configs: set CONFIG_IDPF_SINGLEQ as disabled (Michal Schmidt) [RHEL-71182]
idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-71182]
idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (Michal Schmidt) [RHEL-71182]
idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-71182]
idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-71182]
net: remove gfp_mask from napi_alloc_skb() [idpf] (Michal Schmidt) [RHEL-71182]
idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-71182]
idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-71182]
idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-71182]
idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-71182]
s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-95783]
s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-95783]
s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-95783]
s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-95783]
s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Mete Durlu) [RHEL-95783]
s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-95783]
s390/pci: Fix potential double remove of hotplug slot (Mete Durlu) [RHEL-95783]
s390/pci: remove hotplug slot when releasing the device (Mete Durlu) [RHEL-95783]
s390/pci: introduce lock to synchronize state of zpci_dev's (Mete Durlu) [RHEL-95783]
s390/pci: rename lock member in struct zpci_dev (Mete Durlu) [RHEL-95783]

[4.18.0-553.57.1_10]

smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) [RHEL-55825]
cifs: fix double free race when mount fails in cifs_get_root() (Paulo Alcantara) [RHEL-55825] {CVE-2022-48919}
security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-68090] {CVE-2024-50301}

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.58.1.el8_10

bpftool

4.18.0-553.58.1.el8_10

kernel

4.18.0-553.58.1.el8_10

kernel-abi-stablelists

4.18.0-553.58.1.el8_10

kernel-core

4.18.0-553.58.1.el8_10

kernel-cross-headers

4.18.0-553.58.1.el8_10

kernel-debug

4.18.0-553.58.1.el8_10

kernel-debug-core

4.18.0-553.58.1.el8_10

kernel-debug-devel

4.18.0-553.58.1.el8_10

kernel-debug-modules

4.18.0-553.58.1.el8_10

kernel-debug-modules-extra

4.18.0-553.58.1.el8_10

kernel-devel

4.18.0-553.58.1.el8_10

kernel-doc

4.18.0-553.58.1.el8_10

kernel-headers

4.18.0-553.58.1.el8_10

kernel-modules

4.18.0-553.58.1.el8_10

kernel-modules-extra

4.18.0-553.58.1.el8_10

kernel-tools

4.18.0-553.58.1.el8_10

kernel-tools-libs

4.18.0-553.58.1.el8_10

perf

4.18.0-553.58.1.el8_10

python3-perf

4.18.0-553.58.1.el8_10

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2022-48919

CVSS3: 7.8

ubuntu

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 [Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 [Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 [Thu Feb 10 12:59:06 2022] Call Trace: [Thu Feb 10 12:59:06 2022] <IRQ> [Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 [Thu Feb 10 12:59:06 2022] print_address_...