Oracle Linux Security Advisory ELSA-2025-22395 http://linux.oracle.com/errata/ELSA-2025-22395.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-abi-stablelists-6.12.0-124.16.1.el10_1.noarch.rpm kernel-core-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-cross-headers-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-core-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-devel-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-modules-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-debug-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-devel-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-doc-6.12.0-124.16.1.el10_1.noarch.rpm kernel-headers-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-modules-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-modules-extra-matched-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-tools-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-tools-libs-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm kernel-uki-virt-addons-6.12.0-124.16.1.el10_1.x86_64.rpm libperf-6.12.0-124.16.1.el10_1.x86_64.rpm perf-6.12.0-124.16.1.el10_1.x86_64.rpm python3-perf-6.12.0-124.16.1.el10_1.x86_64.rpm rtla-6.12.0-124.16.1.el10_1.x86_64.rpm rv-6.12.0-124.16.1.el10_1.x86_64.rpm aarch64: kernel-cross-headers-6.12.0-124.16.1.el10_1.aarch64.rpm kernel-headers-6.12.0-124.16.1.el10_1.aarch64.rpm kernel-tools-6.12.0-124.16.1.el10_1.aarch64.rpm kernel-tools-libs-6.12.0-124.16.1.el10_1.aarch64.rpm kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.aarch64.rpm libperf-6.12.0-124.16.1.el10_1.aarch64.rpm perf-6.12.0-124.16.1.el10_1.aarch64.rpm python3-perf-6.12.0-124.16.1.el10_1.aarch64.rpm rtla-6.12.0-124.16.1.el10_1.aarch64.rpm rv-6.12.0-124.16.1.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.16.1.el10_1.src.rpm Related CVEs: CVE-2025-22068 CVE-2025-38724 CVE-2025-39883 CVE-2025-39898 CVE-2025-39918 CVE-2025-39971 Description of changes: [6.12.0-124.16.1] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Update module name for cryptographic module [Orabug: 37400433] - Clean git history at setup stage [6.12.0-124.16.1] - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Xin Long) [RHEL-125759] - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CKI Backport Bot) [RHEL-119161] {CVE-2025-39883} [6.12.0-124.15.1] - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125623] {CVE-2025-38724} - wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123070] - wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123070] - wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123070] {CVE-2025-39918} [6.12.0-124.14.1] - ublk: make sure ubq->canceling is set when queue is frozen (Ming Lei) [RHEL-99436] {CVE-2025-22068} - e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123127] {CVE-2025-39898} - i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123811] - i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123811] {CVE-2025-39968} - i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123811] {CVE-2025-39969} - i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123811] {CVE-2025-39970} - i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123811] {CVE-2025-39971} - i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123811] {CVE-2025-39972} - i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123811] {CVE-2025-39973} - nvme-multipath: Skip nr_active increments in RETRY disposition (Ewan D. Milne) [RHEL-123689] _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
