Описание
ELSA-2026-1143: kernel security update (IMPORTANT)
[5.14.0-611.26.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.26.1]
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139462] {CVE-2025-68305}
- dm: fix dm_blk_report_zones (CKI Backport Bot) [RHEL-137949] {CVE-2025-38141}
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136964] {CVE-2025-40294}
- drm/xe: Fix vm_bind_ioctl double free bug (CKI Backport Bot) [RHEL-122309] {CVE-2025-38731}
[5.14.0-611.25.1]
- ice: Fix kernel panic due to page refcount underflow (Mohammad Heib) [RHEL-139731]
- net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139487] {CVE-2025-68301}
- KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace (Donald Dutile) [RHEL-134767]
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (Guillaume Nault) [RHEL-138493]
- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139284] {CVE-2025-40248}
- eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138035] {CVE-2025-38349}
- block: don't freeze queue for updating queue limits (Ming Lei) [RHEL-135268]
- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134448] {CVE-2025-40258}
- uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133868]
- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-129504]
- dpll: add phase-adjust-gran pin attribute (Ivan Vecera) [RHEL-129504]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.26.1.el9_7
kernel-tools-libs-devel
5.14.0-611.26.1.el9_7
libperf
5.14.0-611.26.1.el9_7
kernel-tools
5.14.0-611.26.1.el9_7
kernel-tools-libs
5.14.0-611.26.1.el9_7
kernel-headers
5.14.0-611.26.1.el9_7
perf
5.14.0-611.26.1.el9_7
python3-perf
5.14.0-611.26.1.el9_7
rtla
5.14.0-611.26.1.el9_7
rv
5.14.0-611.26.1.el9_7
Oracle Linux x86_64
kernel-debug-devel
5.14.0-611.26.1.el9_7
kernel-debug-devel-matched
5.14.0-611.26.1.el9_7
kernel-devel
5.14.0-611.26.1.el9_7
kernel-devel-matched
5.14.0-611.26.1.el9_7
kernel-doc
5.14.0-611.26.1.el9_7
kernel-headers
5.14.0-611.26.1.el9_7
perf
5.14.0-611.26.1.el9_7
python3-perf
5.14.0-611.26.1.el9_7
rtla
5.14.0-611.26.1.el9_7
rv
5.14.0-611.26.1.el9_7
kernel-cross-headers
5.14.0-611.26.1.el9_7
kernel-tools-libs-devel
5.14.0-611.26.1.el9_7
libperf
5.14.0-611.26.1.el9_7
kernel
5.14.0-611.26.1.el9_7
kernel-abi-stablelists
5.14.0-611.26.1.el9_7
kernel-core
5.14.0-611.26.1.el9_7
kernel-debug
5.14.0-611.26.1.el9_7
kernel-debug-core
5.14.0-611.26.1.el9_7
kernel-debug-modules
5.14.0-611.26.1.el9_7
kernel-debug-modules-core
5.14.0-611.26.1.el9_7
kernel-debug-modules-extra
5.14.0-611.26.1.el9_7
kernel-debug-uki-virt
5.14.0-611.26.1.el9_7
kernel-modules
5.14.0-611.26.1.el9_7
kernel-modules-core
5.14.0-611.26.1.el9_7
kernel-modules-extra
5.14.0-611.26.1.el9_7
kernel-tools
5.14.0-611.26.1.el9_7
kernel-tools-libs
5.14.0-611.26.1.el9_7
kernel-uki-virt
5.14.0-611.26.1.el9_7
kernel-uki-virt-addons
5.14.0-611.26.1.el9_7
Ссылки на источники
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps wil...
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps wil...
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps wi
In the Linux kernel, the following vulnerability has been resolved: d ...
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps...