- kernel-uek-5.15.0-312.187.5.3.el9uek (oel9-uek7)
- 5.15.0-314.193.5.4.el9uek
- 2025-12-03 11:35:48
- 2025-12-04 08:44:34
- K20251203_16
- CVE-2025-38466
- Description:
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
- CVE: https://linux.oracle.com/cve/CVE-2025-38466.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38466-perf-revert-to-requiring-cap-sys-admin-for-uprobes.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38441
- Description:
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
- CVE: https://linux.oracle.com/cve/CVE-2025-38441.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38441-netfilter-flowtable-account-for-ethernet-header-in-nf-flow-pppoe-proto.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38443
- Description:
nbd: fix uaf in nbd_genl_connect() error path
- CVE: https://linux.oracle.com/cve/CVE-2025-38443.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38443-nbd-fix-uaf-in-nbd-genl-connect-error-path.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38444
- Description:
raid10: cleanup memleak at raid10_make_request
- CVE: https://linux.oracle.com/cve/CVE-2025-38444.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38444-raid10-cleanup-memleak-at-raid10-make-request.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2024-26775
- Description:
aoe: avoid potential deadlock at set_capacity
- CVE: https://linux.oracle.com/cve/CVE-2024-26775.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2024-26775-aoe-avoid-potential-deadlock-at-set-capacity.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38467
- Description:
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
- CVE: https://linux.oracle.com/cve/CVE-2025-38467.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38467-drm-exynos-exynos7-drm-decon-add-vblank-check-in-irq-handling.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38464
- Description:
tipc: Fix use-after-free in tipc_conn_close().
- CVE: https://linux.oracle.com/cve/CVE-2025-38464.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38464-tipc-fix-use-after-free-in-tipc-conn-close.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38457
- Description:
net/sched: Abort __tc_modify_qdisc if parent class does not exist
- CVE: https://linux.oracle.com/cve/CVE-2025-38457.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38457-net-sched-abort-tc-modify-qdisc-if-parent-class-does-not-exist.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38445
- Description:
md/raid1: Fix stack memory use after return in raid1_reshape
- CVE: https://linux.oracle.com/cve/CVE-2025-38445.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38445-md-raid1-fix-stack-memory-use-after-return-in-raid1-reshape.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38569
- Description:
benet: fix BUG when creating VFs
- CVE: https://linux.oracle.com/cve/CVE-2025-38569.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38569-benet-fix-bug-when-creating-vfs.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38236
- Description:
Complex adaptation required. Livepatching of this vulnerability can harm the network subsystem..
- CVE:
- Patch: skipped/CVE-2025-38236.patch
- From:
- CVE-2025-38462
- Description:
vsock: Fix transport_{g2h,h2g} TOCTOU
- CVE: https://linux.oracle.com/cve/CVE-2025-38462.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38462-vsock-fix-transport-g2h-h2g-toctou.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38461
- Description:
vsock: Fix transport_* TOCTOU
- CVE: https://linux.oracle.com/cve/CVE-2025-38461.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38461-vsock-fix-transport-toctou.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38375
- Description:
virtio-net: ensure the received length does not exceed allocated size
- CVE: https://linux.oracle.com/cve/CVE-2025-38375.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38375-virtio-net-ensure-the-received-length-does-not-exceed-allocated-size.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-39866
- Description:
fs: writeback: fix use-after-free in __mark_inode_dirty()
- CVE: https://linux.oracle.com/cve/CVE-2025-39866.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-39866-fs-writeback-fix-use-after-free-in-mark-inode-dirty.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38067
- Description:
rseq: Fix segfault on registration when rseq_cs is non-zero
- CVE: https://linux.oracle.com/cve/CVE-2025-38067.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38067-rseq-fix-segfault-on-registration-when-rseq-cs-is-non-zero.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38465
- Description:
netlink: Fix wraparounds of sk->sk_rmem_alloc.
- CVE: https://linux.oracle.com/cve/CVE-2025-38465.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38465-netlink-fix-wraparounds-of-sk-sk-rmem-alloc.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38448
- Description:
usb: gadget: u_serial: Fix race condition in TTY wakeup
- CVE: https://linux.oracle.com/cve/CVE-2025-38448.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38448-usb-gadget-u-serial-fix-race-condition-in-tty-wakeup.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38439
- Description:
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
- CVE: https://linux.oracle.com/cve/CVE-2025-38439.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38439-bnxt-en-set-dma-unmap-len-correctly-for-xdp-redirect.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38727
- Description:
netlink: avoid infinite retry looping in netlink_unicast()
- CVE: https://linux.oracle.com/cve/CVE-2025-38727.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38727-netlink-avoid-infinite-retry-looping-in-netlink-unicast.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38513
- Description:
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
- CVE: https://linux.oracle.com/cve/CVE-2025-38513.html
- Patch: oel9-uek7/5.15.0-313.189.5.1.el9uek/CVE-2025-38513-wifi-zd1211rw-fix-potential-null-pointer-dereference-in-zd-mac-tx-to-dev.patch
- From: 5.15.0-313.189.5.1.el9uek
- CVE-2025-38724
- Description:
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
- CVE: https://linux.oracle.com/cve/CVE-2025-38724.html
- Patch: oel9-uek7/5.15.0-313.189.5.2.el9uek/CVE-2025-38724-nfsd-handle-get-client-locked-failure-in-nfsd4-setclientid-confirm.patch
- From: 5.15.0-313.189.5.2.el9uek
- CVE-2025-39973
- Description:
i40e: add validation for ring_len param
- CVE: https://linux.oracle.com/cve/CVE-2025-39973.html
- Patch: oel9-uek7/5.15.0-313.189.5.3.el9uek/CVE-2025-39973-i40e-add-validation-for-ring-len-param.patch
- From: 5.15.0-313.189.5.3.el9uek
- CVE-2025-38535
- Description:
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
- CVE: https://linux.oracle.com/cve/CVE-2025-38535.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38535-phy-tegra-xusb-fix-unbalanced-regulator-disable-in-utmi-phy-mode.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-38497
- Description:
usb: gadget: configfs: Fix OOB read on empty string write
- CVE: https://linux.oracle.com/cve/CVE-2025-38497.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38497-usb-gadget-configfs-fix-oob-read-on-empty-string-write.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-38474
- Description:
usb: net: sierra: check for no status endpoint
- CVE: https://linux.oracle.com/cve/CVE-2025-38474.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38474-usb-net-sierra-check-for-no-status-endpoint.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-38550
- Description:
ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
- CVE: https://linux.oracle.com/cve/CVE-2025-38550.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38550-ipv6-mcast-delay-put-pmc-idev-in-mld-del-delrec.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-38335
- Description:
PEEMPT_RT config isn't enabled
- CVE:
- Patch: skipped/CVE-2025-38335.patch
- From:
- CVE-2025-38604
- Description:
wifi: rtl818x: Kill URBs before clearing tx status queue
- CVE: https://linux.oracle.com/cve/CVE-2025-38604.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38604-wifi-rtl818x-kill-urbs-before-clearing-tx-status-queue.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-39730
- Description:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
- CVE: https://linux.oracle.com/cve/CVE-2025-39730.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-39730-nfs-fix-filehandle-bounds-checking-in-nfs-fh-to-dentry.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-38572
- Description:
ipv6: reject malicious packets in ipv6_gso_segment()
- CVE: https://linux.oracle.com/cve/CVE-2025-38572.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-38572-ipv6-reject-malicious-packets-in-ipv6-gso-segment.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-39757
- Description:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
- CVE: https://linux.oracle.com/cve/CVE-2025-39757.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-39757-alsa-usb-audio-validate-uac3-cluster-segment-descriptors.patch
- From: 5.15.0-314.193.5.3.el9uek
- CVE-2025-39757
- Description:
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
- CVE: https://linux.oracle.com/cve/CVE-2025-39757.html
- Patch: oel9-uek7/5.15.0-314.193.5.3.el9uek/CVE-2025-39757-ALSA-usb-audio-fix-size-validation-in-convert_chmap_v3.patch
- From: 5.15.0-314.193.5.3.el9uek
- N/A
- Description:
kpatch add alt asm definitions
- CVE: https://www.kernel.org
- Patch: 5.15.0/kpatch-add-alt-asm-definitions.patch
- From: N/A
- N/A
- Description:
kpatch add paravirt asm definitions
- CVE: N/A
- Patch: 5.15.0/kpatch-add-paravirt-asm-definitions.patch
- From: N/A