Oracle Linux

Oracle Linux has announced the release of multiple security updates. These include the Unbreakable Enterprise Kernel security update applicable to both versions, as well as grafana bug fix, rsync security, bind security, libselinux bug fix, geocode-glib bug fix, tigervnc security, fence-agents bug fix, glibc bug fix, iscsi-initiator-utils bug fix, and mdadm bug fix updates.

ELSA-2025-20152 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-20152 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELBA-2025-2606 Oracle Linux 8 grafana bug fix update
ELSA-2025-2600 Moderate: Oracle Linux 8 rsync security update
ELSA-2025-20153 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2025-1718 Important: Oracle Linux 7 bind security update
ELBA-2025-2617 Oracle Linux 8 libselinux bug fix update
ELBA-2025-2605 Oracle Linux 8 geocode-glib bug fix update
ELSA-2025-2502 Important: Oracle Linux 8 tigervnc security update
ELSA-2025-20153 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2025-2603 Oracle Linux 8 fence-agents bug fix update
ELSA-2025-2473 Important: Oracle Linux 8 kernel security update
ELSA-2025-2500 Important: Oracle Linux 9 tigervnc security update
ELBA-2025-2472 Oracle Linux 9 glibc bug fix update
ELBA-2025-20154 Oracle Linux 9 iscsi-initiator-utils bug fix update
ELBA-2025-20157 Oracle Linux 9 mdadm bug fix update




ELSA-2025-20152 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20152

http://linux.oracle.com/errata/ELSA-2025-20152.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-306.177.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-306.177.4.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-306.177.4.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-306.177.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-306.177.4.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-306.177.4.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el8uek.src.rpm

Related CVEs:

CVE-2024-36899
CVE-2024-47687
CVE-2024-47707
CVE-2024-53110
CVE-2024-53124
CVE-2024-53162
CVE-2024-56631
CVE-2024-56672
CVE-2024-57804

Description of changes:

[5.15.0-306.177.4.el8uek]
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal)
- scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804}

[5.15.0-306.177.3.el8uek]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219]
- mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586]
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162}
- vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163]
- vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110}
- vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163]
- net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163]
- vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687}
- vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163]
- vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163]
- vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163]
- vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163]
- vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163]
- virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163]
- vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163]
- vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163]
- vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163]
- vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163]
- vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163]
- vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163]
- vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493]

[5.15.0-306.177.2.el8uek]
- LTS version: v5.15.177 (Vijayendra Suman)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631}
- x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross)
- nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707}
- vsock/virtio: discard packets if the transport changes (Stefano Garzarella)
- blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672}
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol)
- iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol)
- drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrjälä)
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899}
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel)
- filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen)
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella)
- vsock: reset socket state when de-assigning the transport (Stefano Garzarella)
- vsock/virtio: cancel close work in the destructor (Stefano Garzarella)
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede)
- kheaders: Ignore silly-rename files (David Howells)
- fs: fix missing declaration of init_files (Zhang Kunbo)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu)
- i2c: rcar: fix NACK handling when being a target (Wolfram Sang)
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal)
- net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad)
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev)
- bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- phy: usb: Fix clock imbalance for suspend/resume (Justin Chen)
- phy: usb: Use slow clock for wake enabled suspend (Justin Chen)
- mptcp: fix TCP options overflow. (Paolo Abeni)
- mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang)
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam)
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: usb: Toggle the PHY power during init (Justin Chen)
- phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper)
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta)
- of: address: Store number of bus flag cells rather than bool (Rob Herring)
- of: address: Remove duplicated functions (Herve Codina)
- of: address: Fix address translation when address-size is greater than 2 (Herve Codina)
- of/address: Add support for 3 address cell bus (Rob Herring)
- of: unittest: Add bus address range parsing tests (Rob Herring)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai)
- iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-König)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori)
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco)
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco)
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco)
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M)
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K)
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Jun Yan)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
- topology: Keep the cpumask unchanged when printing cpumap (Li Huafei)
- usb: dwc3: gadget: fix writing NYET threshold (André Draszik)
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han)
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- riscv: Fix sleeping in invalid context in die() (Nam Cao)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li)
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka)
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen)
- afs: Fix the maximum cell name length (David Howells)
- ksmbd: fix a missing return value check bug (Wentao Liang)
- drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin)
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso)
- netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso)
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy)
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet)
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai)
- exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo)
- exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai)
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)
- ceph: give up on paths longer than PATH_MAX (Max Kellermann)

[5.15.0-306.176.1.el8uek]
- mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579]
- mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579]
- assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579]
- assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579]
- mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525]
- mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525]
- PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525]
- uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080]
- cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421]



ELSA-2025-20152 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20152

http://linux.oracle.com/errata/ELSA-2025-20152.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-306.177.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-306.177.4.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-306.177.4.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el9uek.src.rpm

Related CVEs:

CVE-2024-36899
CVE-2024-47687
CVE-2024-47707
CVE-2024-53110
CVE-2024-53124
CVE-2024-53162
CVE-2024-56631
CVE-2024-56672
CVE-2024-57804

Description of changes:

[5.15.0-306.177.4.el9uek]
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal)
- scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804}

[5.15.0-306.177.3.el9uek]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219]
- mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586]
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162}
- vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163]
- vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110}
- vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163]
- net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163]
- vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687}
- vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163]
- vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163]
- vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163]
- vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163]
- vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163]
- virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163]
- vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163]
- vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163]
- vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163]
- vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163]
- vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163]
- vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163]
- vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493]

[5.15.0-306.177.2.el9uek]
- LTS version: v5.15.177 (Vijayendra Suman)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631}
- x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross)
- nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707}
- vsock/virtio: discard packets if the transport changes (Stefano Garzarella)
- blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672}
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol)
- iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol)
- drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrjälä)
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899}
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel)
- filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen)
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella)
- vsock: reset socket state when de-assigning the transport (Stefano Garzarella)
- vsock/virtio: cancel close work in the destructor (Stefano Garzarella)
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede)
- kheaders: Ignore silly-rename files (David Howells)
- fs: fix missing declaration of init_files (Zhang Kunbo)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu)
- i2c: rcar: fix NACK handling when being a target (Wolfram Sang)
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal)
- net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad)
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev)
- bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- phy: usb: Fix clock imbalance for suspend/resume (Justin Chen)
- phy: usb: Use slow clock for wake enabled suspend (Justin Chen)
- mptcp: fix TCP options overflow. (Paolo Abeni)
- mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang)
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam)
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: usb: Toggle the PHY power during init (Justin Chen)
- phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper)
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta)
- of: address: Store number of bus flag cells rather than bool (Rob Herring)
- of: address: Remove duplicated functions (Herve Codina)
- of: address: Fix address translation when address-size is greater than 2 (Herve Codina)
- of/address: Add support for 3 address cell bus (Rob Herring)
- of: unittest: Add bus address range parsing tests (Rob Herring)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai)
- iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-König)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori)
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco)
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco)
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco)
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M)
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K)
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Jun Yan)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
- topology: Keep the cpumask unchanged when printing cpumap (Li Huafei)
- usb: dwc3: gadget: fix writing NYET threshold (André Draszik)
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han)
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- riscv: Fix sleeping in invalid context in die() (Nam Cao)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li)
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka)
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen)
- afs: Fix the maximum cell name length (David Howells)
- ksmbd: fix a missing return value check bug (Wentao Liang)
- drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin)
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso)
- netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso)
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy)
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet)
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai)
- exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo)
- exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai)
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)
- ceph: give up on paths longer than PATH_MAX (Max Kellermann)

[5.15.0-306.176.1.el9uek]
- mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579]
- mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579]
- assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579]
- assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579]
- mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525]
- mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525]
- PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525]
- uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080]
- cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421]



ELSA-2025-20152 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20152

http://linux.oracle.com/errata/ELSA-2025-20152.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-306.177.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-306.177.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el9uek.src.rpm

Related CVEs:

CVE-2024-36899
CVE-2024-47687
CVE-2024-47707
CVE-2024-53110
CVE-2024-53124
CVE-2024-53162
CVE-2024-56631
CVE-2024-56672
CVE-2024-57804

Description of changes:

[5.15.0-306.177.4.el9uek]
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal)
- scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804}

[5.15.0-306.177.3.el9uek]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219]
- mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586]
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162}
- vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163]
- vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110}
- vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163]
- net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163]
- vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163]
- vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687}
- vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163]
- vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163]
- vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163]
- vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163]
- vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163]
- vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163]
- virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163]
- vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163]
- vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163]
- vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163]
- vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163]
- vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163]
- vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163]
- vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163]
- vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163]
- SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493]

[5.15.0-306.177.2.el9uek]
- LTS version: v5.15.177 (Vijayendra Suman)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631}
- x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross)
- nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707}
- vsock/virtio: discard packets if the transport changes (Stefano Garzarella)
- blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672}
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol)
- iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol)
- drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrjälä)
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899}
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel)
- filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen)
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella)
- vsock: reset socket state when de-assigning the transport (Stefano Garzarella)
- vsock/virtio: cancel close work in the destructor (Stefano Garzarella)
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede)
- kheaders: Ignore silly-rename files (David Howells)
- fs: fix missing declaration of init_files (Zhang Kunbo)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu)
- i2c: rcar: fix NACK handling when being a target (Wolfram Sang)
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal)
- net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad)
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev)
- bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- phy: usb: Fix clock imbalance for suspend/resume (Justin Chen)
- phy: usb: Use slow clock for wake enabled suspend (Justin Chen)
- mptcp: fix TCP options overflow. (Paolo Abeni)
- mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang)
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam)
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: usb: Toggle the PHY power during init (Justin Chen)
- phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper)
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta)
- of: address: Store number of bus flag cells rather than bool (Rob Herring)
- of: address: Remove duplicated functions (Herve Codina)
- of: address: Fix address translation when address-size is greater than 2 (Herve Codina)
- of/address: Add support for 3 address cell bus (Rob Herring)
- of: unittest: Add bus address range parsing tests (Rob Herring)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai)
- iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-König)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori)
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco)
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco)
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco)
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M)
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K)
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Jun Yan)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
- topology: Keep the cpumask unchanged when printing cpumap (Li Huafei)
- usb: dwc3: gadget: fix writing NYET threshold (André Draszik)
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han)
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- riscv: Fix sleeping in invalid context in die() (Nam Cao)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li)
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka)
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen)
- afs: Fix the maximum cell name length (David Howells)
- ksmbd: fix a missing return value check bug (Wentao Liang)
- drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin)
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso)
- netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso)
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy)
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet)
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai)
- exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo)
- exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai)
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)
- ceph: give up on paths longer than PATH_MAX (Max Kellermann)

[5.15.0-306.176.1.el9uek]
- mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579]
- mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579]
- assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579]
- assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579]
- mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525]
- mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525]
- PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525]
- uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080]
- cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421]



ELBA-2025-2606 Oracle Linux 8 grafana bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-2606

http://linux.oracle.com/errata/ELBA-2025-2606.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-9.2.10-22.el8_10.x86_64.rpm
grafana-selinux-9.2.10-22.el8_10.x86_64.rpm

aarch64:
grafana-9.2.10-22.el8_10.aarch64.rpm
grafana-selinux-9.2.10-22.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//grafana-9.2.10-22.el8_10.src.rpm

Description of changes:

[9.2.10-22]
- Resolves RHEL-75921: grafana selinux issue with autofs_t



ELSA-2025-2600 Moderate: Oracle Linux 8 rsync security update


Oracle Linux Security Advisory ELSA-2025-2600

http://linux.oracle.com/errata/ELSA-2025-2600.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
rsync-3.1.3-21.el8_10.x86_64.rpm
rsync-daemon-3.1.3-21.el8_10.noarch.rpm

aarch64:
rsync-3.1.3-21.el8_10.aarch64.rpm
rsync-daemon-3.1.3-21.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//rsync-3.1.3-21.el8_10.src.rpm

Related CVEs:

CVE-2024-12087
CVE-2024-12088
CVE-2024-12747

Description of changes:

[3.1.3-21]
- Resolves: RHEL-70207 - Path traversal vulnerability in rsync



ELSA-2025-20153 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20153

http://linux.oracle.com/errata/ELSA-2025-20153.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.341.3.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.341.3.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.341.3.1.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el7uek.src.rpm

Related CVEs:

CVE-2024-44986
CVE-2024-53164
CVE-2024-56767
CVE-2024-56769

Description of changes:

[5.4.17-2136.341.3.1.el7uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080]

[5.4.17-2136.341.3.el7uek]
- io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787]
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787]
- io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787]
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787]
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787]
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787]
- vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393]
- RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187]

[5.4.17-2136.341.2.el7uek]
- LTS tag: v5.4.289 (Sherry Yang)
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa)
- drm: adv7511: Drop dsi single lane support (Biju Das)
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov)
- sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg)
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin)
- RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter)
- modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada)
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada)
- ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky)
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak)
- net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas)
- bpf: fix potential error return (Anton Protopopov)
- sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu)
- wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach)
- ila: serialize calls to nf_register_net_hooks() (Eric Dumazet)
- ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal)
- net: llc: reset skb->transport_header (Antonio Pastor)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso)
- netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
- netrom: check buffer length before accessing it (Ilya Shchipletsov)
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg)
- drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean)
- RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP)
- RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad)
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit)
- IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit)
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley)
- selinux: ignore unknown extended permissions (Thiébaud Weksteen)
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet)
- skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin)
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- tracing: Constify string literal data member in struct trace_event_call (Christian Göttsche)
- bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen)
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
- ipv6: use skb_expand_head in ip6_xmit (Vasily Averin)
- ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin)
- skbuff: introduce skb_expand_head() (Vasily Averin)
- MIPS: Probe toolchain support of -msym32 (Jiaxun Yang)
- epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan)
- virtio-blk: don't keep queue frozen during system suspend (Ming Lei)
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar)
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf)
- regmap: Use correct format specifier for logging range errors (Mark Brown)
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl)
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm)
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google))
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
- dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco)
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu)
- phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu)
- mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie)
- bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang)
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu)
- of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina)
- udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn)
- nilfs2: prevent use of deleted inode (Edward Adam Davis)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust)
- btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo)
- zram: refuse to use zero sized block device as backing device (Kairui Song)
- sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven)
- USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add MediaTek T7XX compositions (Jack Wu)
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang)
- USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky)
- USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar)
- efivarfs: Fix error on non-existent file (James Bottomley)
- i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven)
- chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter)
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete)
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter)
- net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori)
- net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter)
- ionic: use ee->offset when returning sprom data (Shannon Nelson)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang)
- erofs: fix incorrect symlink detection in fast symlink (Gao Xiang)
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang)
- drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang)
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai)
- PCI/AER: Disable AER service on suspend (Kai-Heng Feng)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi)
- net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}

[5.4.17-2136.341.1.el7uek]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220]



ELSA-2025-1718 Important: Oracle Linux 7 bind security update


Oracle Linux Security Advisory ELSA-2025-1718

http://linux.oracle.com/errata/ELSA-2025-1718.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bind-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-chroot-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-export-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-export-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-export-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-export-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-libs-lite-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-libs-lite-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-license-9.11.4-26.0.3.P2.el7_9.16.noarch.rpm
bind-lite-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-lite-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-pkcs11-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-pkcs11-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm
bind-pkcs11-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-sdb-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-sdb-chroot-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm
bind-utils-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//bind-9.11.4-26.0.3.P2.el7_9.16.src.rpm

Related CVEs:

CVE-2024-11187

Description of changes:

[32:9.11.4-26.0.3.P2.16]
- Resolve CVE-2024-11187 [Orabug: 37616907]



ELBA-2025-2617 Oracle Linux 8 libselinux bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-2617

http://linux.oracle.com/errata/ELBA-2025-2617.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libselinux-2.9-10.el8_10.i686.rpm
libselinux-2.9-10.el8_10.x86_64.rpm
libselinux-devel-2.9-10.el8_10.i686.rpm
libselinux-devel-2.9-10.el8_10.x86_64.rpm
libselinux-ruby-2.9-10.el8_10.x86_64.rpm
libselinux-utils-2.9-10.el8_10.x86_64.rpm
python3-libselinux-2.9-10.el8_10.x86_64.rpm
libselinux-static-2.9-10.el8_10.i686.rpm
libselinux-static-2.9-10.el8_10.x86_64.rpm

aarch64:
libselinux-2.9-10.el8_10.aarch64.rpm
libselinux-devel-2.9-10.el8_10.aarch64.rpm
libselinux-ruby-2.9-10.el8_10.aarch64.rpm
libselinux-utils-2.9-10.el8_10.aarch64.rpm
python3-libselinux-2.9-10.el8_10.aarch64.rpm
libselinux-static-2.9-10.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libselinux-2.9-10.el8_10.src.rpm

Description of changes:

[2.9-10]
- Close old selabel handle when setting a new one (RHEL-73348)
- Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252)



ELBA-2025-2605 Oracle Linux 8 geocode-glib bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-2605

http://linux.oracle.com/errata/ELBA-2025-2605.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
geocode-glib-3.26.0-4.el8_10.i686.rpm
geocode-glib-3.26.0-4.el8_10.x86_64.rpm
geocode-glib-devel-3.26.0-4.el8_10.i686.rpm
geocode-glib-devel-3.26.0-4.el8_10.x86_64.rpm

aarch64:
geocode-glib-3.26.0-4.el8_10.aarch64.rpm
geocode-glib-devel-3.26.0-4.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//geocode-glib-3.26.0-4.el8_10.src.rpm

Description of changes:

[3.26.0-4]
- Resolves: RHEL-4090 (Fix Nominatim crasher)



ELSA-2025-2502 Important: Oracle Linux 8 tigervnc security update


Oracle Linux Security Advisory ELSA-2025-2502

http://linux.oracle.com/errata/ELSA-2025-2502.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-15.el8_10.x86_64.rpm
tigervnc-icons-1.13.1-15.el8_10.noarch.rpm
tigervnc-license-1.13.1-15.el8_10.noarch.rpm
tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm
tigervnc-server-1.13.1-15.el8_10.x86_64.rpm
tigervnc-server-minimal-1.13.1-15.el8_10.x86_64.rpm
tigervnc-server-module-1.13.1-15.el8_10.x86_64.rpm

aarch64:
tigervnc-1.13.1-15.el8_10.aarch64.rpm
tigervnc-icons-1.13.1-15.el8_10.noarch.rpm
tigervnc-license-1.13.1-15.el8_10.noarch.rpm
tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm
tigervnc-server-1.13.1-15.el8_10.aarch64.rpm
tigervnc-server-minimal-1.13.1-15.el8_10.aarch64.rpm
tigervnc-server-module-1.13.1-15.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-15.el8_10.src.rpm

Related CVEs:

CVE-2025-26594
CVE-2025-26595
CVE-2025-26596
CVE-2025-26597
CVE-2025-26598
CVE-2025-26599
CVE-2025-26600
CVE-2025-26601

Description of changes:

[1.13.1-15]
- Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor
Resolves: RHEL-79397
- Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText()
Resolves: RHEL-79401
- Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms()
Resolves: RHEL-79386
- Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey()
Resolves: RHEL-79380
- Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient()
Resolves: RHEL-79369
- Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow()
Resolves: RHEL-79364
- Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents()
Resolves: RHEL-79360
- Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger()
Resolves: RHEL-79348



ELSA-2025-20153 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20153

http://linux.oracle.com/errata/ELSA-2025-20153.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.341.3.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el8uek.src.rpm

Related CVEs:

CVE-2024-44986
CVE-2024-53164
CVE-2024-56767
CVE-2024-56769

Description of changes:

[5.4.17-2136.341.3.1.el8uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080]

[5.4.17-2136.341.3.el8uek]
- io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787]
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787]
- io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787]
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787]
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787]
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787]
- vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393]
- RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187]

[5.4.17-2136.341.2.el8uek]
- LTS tag: v5.4.289 (Sherry Yang)
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa)
- drm: adv7511: Drop dsi single lane support (Biju Das)
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov)
- sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg)
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin)
- RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter)
- modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada)
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada)
- ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky)
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak)
- net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas)
- bpf: fix potential error return (Anton Protopopov)
- sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu)
- wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach)
- ila: serialize calls to nf_register_net_hooks() (Eric Dumazet)
- ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal)
- net: llc: reset skb->transport_header (Antonio Pastor)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso)
- netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
- netrom: check buffer length before accessing it (Ilya Shchipletsov)
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg)
- drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean)
- RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP)
- RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad)
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit)
- IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit)
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley)
- selinux: ignore unknown extended permissions (Thiébaud Weksteen)
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet)
- skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin)
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- tracing: Constify string literal data member in struct trace_event_call (Christian Göttsche)
- bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen)
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
- ipv6: use skb_expand_head in ip6_xmit (Vasily Averin)
- ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin)
- skbuff: introduce skb_expand_head() (Vasily Averin)
- MIPS: Probe toolchain support of -msym32 (Jiaxun Yang)
- epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan)
- virtio-blk: don't keep queue frozen during system suspend (Ming Lei)
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar)
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf)
- regmap: Use correct format specifier for logging range errors (Mark Brown)
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl)
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm)
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google))
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
- dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco)
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu)
- phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu)
- mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie)
- bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang)
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu)
- of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina)
- udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn)
- nilfs2: prevent use of deleted inode (Edward Adam Davis)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust)
- btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo)
- zram: refuse to use zero sized block device as backing device (Kairui Song)
- sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven)
- USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add MediaTek T7XX compositions (Jack Wu)
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang)
- USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky)
- USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar)
- efivarfs: Fix error on non-existent file (James Bottomley)
- i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven)
- chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter)
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete)
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter)
- net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori)
- net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter)
- ionic: use ee->offset when returning sprom data (Shannon Nelson)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang)
- erofs: fix incorrect symlink detection in fast symlink (Gao Xiang)
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang)
- drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang)
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai)
- PCI/AER: Disable AER service on suspend (Kai-Heng Feng)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi)
- net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}

[5.4.17-2136.341.1.el8uek]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220]



ELBA-2025-2603 Oracle Linux 8 fence-agents bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-2603

http://linux.oracle.com/errata/ELBA-2025-2603.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
fence-agents-all-4.2.1-129.el8_10.7.x86_64.rpm
fence-agents-amt-ws-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-apc-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-apc-snmp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-bladecenter-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-brocade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-cisco-mds-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-cisco-ucs-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-common-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-compute-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-drac5-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-eaton-snmp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-emerson-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-eps-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-heuristics-ping-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-hpblade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibm-powervs-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibm-vpc-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibmblade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ifmib-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-moonshot-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-mp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-ssh-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo2-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-intelmodular-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ipdu-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ipmilan-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-kdump-4.2.1-129.el8_10.7.x86_64.rpm
fence-agents-kubevirt-4.2.1-129.el8_10.7.x86_64.rpm
fence-agents-lpar-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-mpath-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-redfish-4.2.1-129.el8_10.7.x86_64.rpm
fence-agents-rhevm-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-rsa-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-rsb-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-sbd-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-scsi-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-virsh-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-vmware-rest-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-vmware-soap-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-wti-4.2.1-129.el8_10.7.noarch.rpm

aarch64:
fence-agents-all-4.2.1-129.el8_10.7.aarch64.rpm
fence-agents-amt-ws-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-apc-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-apc-snmp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-bladecenter-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-brocade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-cisco-mds-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-cisco-ucs-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-common-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-compute-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-drac5-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-eaton-snmp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-emerson-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-eps-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-heuristics-ping-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-hpblade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibm-powervs-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibm-vpc-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ibmblade-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ifmib-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-moonshot-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-mp-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo-ssh-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ilo2-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-intelmodular-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ipdu-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-ipmilan-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-kdump-4.2.1-129.el8_10.7.aarch64.rpm
fence-agents-kubevirt-4.2.1-129.el8_10.7.aarch64.rpm
fence-agents-mpath-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-redfish-4.2.1-129.el8_10.7.aarch64.rpm
fence-agents-rhevm-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-rsa-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-rsb-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-sbd-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-scsi-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-virsh-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-vmware-rest-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-vmware-soap-4.2.1-129.el8_10.7.noarch.rpm
fence-agents-wti-4.2.1-129.el8_10.7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//fence-agents-4.2.1-129.el8_10.7.src.rpm

Description of changes:

[4.2.1-129.7]
- fence_azure_arm: use azure-identity instead of msrestazure, which has been deprecated
Resolves: RHEL-76492

[4.2.1-129.5]
- fence_scsi: preempt clears all devices on the mpath device, so only run it for the first device
Resolves: RHEL-56840

[4.2.1-129.4]
- bundled setuptools: fix CVE-2024-6345
Resolves: RHEL-50223

[4.2.1-129.3]
- bundled urllib3: fix CVE-2024-37891
Resolves: RHEL-43568

[4.2.1-129.2]
- fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer
Resolves: RHEL-7734
- bundled jinja2: fix CVE-2024-34064
Resolves: RHEL-35655



ELSA-2025-2473 Important: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2025-2473

http://linux.oracle.com/errata/ELSA-2025-2473.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.44.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.44.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.44.1.el8_10.x86_64.rpm
perf-4.18.0-553.44.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.44.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.44.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.44.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.44.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.44.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.44.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.44.1.el8_10.aarch64.rpm
perf-4.18.0-553.44.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.44.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.44.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.44.1.el8_10.src.rpm

Related CVEs:

CVE-2024-50302
CVE-2024-53197
CVE-2024-57807
CVE-2024-57979

Description of changes:

[4.18.0-553.44.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64