Oracle Linux Security Advisory ELSA-2025-12662 http://linux.oracle.com/errata/ELSA-2025-12662.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-abi-stablelists-6.12.0-55.25.1.0.1.el10_0.noarch.rpm kernel-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-cross-headers-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-matched-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-extra-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-debug-uki-virt-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-devel-matched-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-doc-6.12.0-55.25.1.0.1.el10_0.noarch.rpm kernel-headers-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-modules-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-modules-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-modules-extra-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-tools-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-addons-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm libperf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm perf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm python3-perf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm rtla-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm rv-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm aarch64: kernel-cross-headers-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm kernel-headers-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm kernel-tools-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-devel-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm libperf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm perf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm python3-perf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm rtla-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm rv-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.25.1.0.1.el10_0.src.rpm Related CVEs: CVE-2025-21727 CVE-2025-21928 CVE-2025-21929 CVE-2025-22020 CVE-2025-22085 CVE-2025-22113 CVE-2025-37890 CVE-2025-38052 CVE-2025-38086 CVE-2025-38087 CVE-2025-38264 Description of changes: [6.12.0-55.25.1.0.1] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Update module name for cryptographic module [Orabug: 37400433] [6.12.0-55.25.1] - Bump internal version to 55.25.1 - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice - CVE-2025-38001 - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() - CVE-2025-38000 - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc - CVE-2025-37890 - sch_hfsc: make hfsc_qlen_notify() idempotent - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem - CVE-2025-38022 - RDMA/core: Fix use-after-free when rename device name - CVE-2025-22085 - nvme-tcp: sanitize request list handling - CVE-2025-38264 - net: tipc: fix refcount warning in tipc_aead_encrypt - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done - CVE-2025-38052 - tcp: adjust rcvq_space after updating scaling ratio - ext4: avoid journaling sb update on error if journal is destroying - CVE-2025-22113 - ext4: define ext4_journal_destroy wrapper - CVE-2025-22113 - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() - CVE-2025-21928 - HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() - CVE-2025-21929 - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net/sched: fix use-after-free in taprio_dev_notifier - CVE-2025-38087 - net: ch9200: fix uninitialised access during mii_nway_restart - CVE-2025-38086 - padata: avoid UAF for reorder_work - CVE-2025-21726 - padata: fix UAF in padata_reorder - CVE-2025-21727 - padata: add pd get/put refcnt helper - padata: fix sysfs store callback check - padata: Clean up in padata_do_multithreaded() - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove -CVE-2025-22020 _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
