ELSA-2026-2282

Описание

[6.12.0-124.35.1]

• Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
• Disable UKI signing [Orabug: 36571828]
• Update Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
• Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
• Add Oracle Linux IMA certificates
• Update module name for cryptographic module [Orabug: 37400433]
• Clean git history at setup stage

[6.12.0-124.35.1]

• ice: Fix kernel panic due to page refcount underflow (CKI Backport Bot) [RHEL-139734]
• mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044] {CVE-2025-40133}
• mptcp: Call dst_release() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044]
• vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137703] {CVE-2025-38403}

[6.12.0-124.34.1]

• ice: prevent NULL deref in ice_lag_move_new_vf_nodes() (Michal Schmidt) [RHEL-143255]
• svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142793] {CVE-2025-68811}
• exec: Make sure task->comm is always NUL-terminated (Luiz Capitulino) [RHEL-141711]
• lib/buildid: use __kernel_read() for sleepable context (Waiman Long) [RHEL-141229]
• net: bonding: update the slave array for broadcast mode (Hangbin Liu) [RHEL-138325]
• net: bonding: add broadcast_neighbor netlink option (Hangbin Liu) [RHEL-138325]
• net: bonding: add broadcast_neighbor option for 802.3ad (Hangbin Liu) [RHEL-138325]

[6.12.0-124.33.1]

• io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137333] {CVE-2025-38730}
• smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131394] {CVE-2025-39933}

[6.12.0-124.32.1]

• squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138024] {CVE-2025-38415}
• Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138024] {CVE-2025-38415}
• fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137686] {CVE-2025-40304}
• fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136945] {CVE-2025-40322}