ELSA-2026-1690

Опубликовано: 02 фев. 2026

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2026-1690: kernel security update (IMPORTANT)

[6.12.0-124.31.1]

Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates
Update module name for cryptographic module [Orabug: 37400433]
Clean git history at setup stage

[6.12.0-124.31.1]

i40e: support generic devlink param 'max_mac_per_vf' (Mohammad Heib) [RHEL-121647]
devlink: Add new 'max_mac_per_vf' generic device param (Mohammad Heib) [RHEL-121647]
i40e: improve VF MAC filters accounting (Mohammad Heib) [RHEL-121647]
KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace (Donald Dutile) [RHEL-134763]
scsi: st: Skip buffer flush for information ioctls (Ewan D. Milne) [RHEL-136289]
scsi: st: Separate st-unique ioctl handling from SCSI common ioctl handling (Ewan D. Milne) [RHEL-136289]
scsi: st: Don't set pos_unknown just after device recognition (Ewan D. Milne) [RHEL-136289]
scsi: st: New session only when Unit Attention for new tape (Ewan D. Milne) [RHEL-136289]
scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Ewan D. Milne) [RHEL-136289]
scsi: st: Don't modify unknown block number in MTIOCGET (Ewan D. Milne) [RHEL-136289]
xfs: rework datasync tracking and execution (CKI Backport Bot) [RHEL-126599]
xfs: rearrange code in xfs_inode_item_precommit (CKI Backport Bot) [RHEL-126599]
s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (Luiz Capitulino) [RHEL-133336]
s390: mm: add stub for hugetlb_optimize_vmemmap_key (Luiz Capitulino) [RHEL-133336]
x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (Ricardo Robaina) [RHEL-129452]
x86/kaslr: Reduce KASLR entropy on most x86 systems (Ricardo Robaina) [RHEL-129452]
x86/boot/compressed: Remove unused header includes from kaslr.c (Ricardo Robaina) [RHEL-129452]
RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (CKI Backport Bot) [RHEL-134363] {CVE-2025-38022}
uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133456]
ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129115] {CVE-2025-40154}

[6.12.0-124.30.1]

io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (Jeff Moyer) [RHEL-129623] {CVE-2025-38453}
net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139490] {CVE-2025-68301}
Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139465] {CVE-2025-68305}
vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139287] {CVE-2025-40248}
net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129087] {CVE-2025-40170}
ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129026] {CVE-2025-40135}
ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128991] {CVE-2025-40158}
net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-129026]
net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-129026]
net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-129026]
eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138041] {CVE-2025-38349}
fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137101] {CVE-2025-40271}
Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136972] {CVE-2025-40294}
Bluetooth: hci_event: validate skb length for unknown CC opcode (CKI Backport Bot) [RHEL-136951] {CVE-2025-40301}
net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136836] {CVE-2025-38568}
Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136259] {CVE-2025-40318}
devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134926] {CVE-2025-40251}
mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134451] {CVE-2025-40258}
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131989] {CVE-2025-37819}
drm/xe: Fix vm_bind_ioctl double free bug (Anusha Srivatsa) [RHEL-122312] {CVE-2025-38731}

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

kernel-headers

6.12.0-124.31.1.el10_1

perf

6.12.0-124.31.1.el10_1

python3-perf

6.12.0-124.31.1.el10_1

rtla

6.12.0-124.31.1.el10_1

kernel-tools

6.12.0-124.31.1.el10_1

kernel-tools-libs

6.12.0-124.31.1.el10_1

kernel-cross-headers

6.12.0-124.31.1.el10_1

kernel-tools-libs-devel

6.12.0-124.31.1.el10_1

libperf

6.12.0-124.31.1.el10_1

Oracle Linux x86_64

kernel-debug-devel

6.12.0-124.31.1.el10_1

kernel-debug-devel-matched

6.12.0-124.31.1.el10_1

kernel-devel

6.12.0-124.31.1.el10_1

kernel-devel-matched

6.12.0-124.31.1.el10_1

kernel-doc

6.12.0-124.31.1.el10_1

kernel-headers

6.12.0-124.31.1.el10_1

perf

6.12.0-124.31.1.el10_1

python3-perf

6.12.0-124.31.1.el10_1

rtla

6.12.0-124.31.1.el10_1

kernel

6.12.0-124.31.1.el10_1

kernel-abi-stablelists

6.12.0-124.31.1.el10_1

kernel-core

6.12.0-124.31.1.el10_1

kernel-debug

6.12.0-124.31.1.el10_1

kernel-debug-core

6.12.0-124.31.1.el10_1

kernel-debug-modules

6.12.0-124.31.1.el10_1

kernel-debug-modules-core

6.12.0-124.31.1.el10_1

kernel-debug-modules-extra

6.12.0-124.31.1.el10_1

kernel-debug-uki-virt

6.12.0-124.31.1.el10_1

kernel-modules

6.12.0-124.31.1.el10_1

kernel-modules-core

6.12.0-124.31.1.el10_1

kernel-modules-extra

6.12.0-124.31.1.el10_1

kernel-modules-extra-matched

6.12.0-124.31.1.el10_1

kernel-tools

6.12.0-124.31.1.el10_1

kernel-tools-libs

6.12.0-124.31.1.el10_1

kernel-uki-virt

6.12.0-124.31.1.el10_1

kernel-uki-virt-addons

6.12.0-124.31.1.el10_1

kernel-cross-headers

6.12.0-124.31.1.el10_1

kernel-tools-libs-devel

6.12.0-124.31.1.el10_1

libperf

6.12.0-124.31.1.el10_1

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2025-37819

CVSS3: 7.8

ubuntu

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use.