ELSA-2026-2720

Опубликовано: 16 фев. 2026

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2026-2720: kernel security update (MODERATE)

[4.18.0-553.105.1]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.105.1]

s390/ipl: Clear SBP flag when bootprog is set (Mete Durlu) [RHEL-145334]
Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_conn: Consolidate code for aborting connections (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: Fix printing errors if LE Connection times out (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: Move hci_abort_conn to hci_conn.c (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: mgmt: Fix using hci_conn_abort (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_conn: Fix hci_connect_le_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_event: Fix checking for invalid handle on error status (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_sync: fix undefined return of hci_disconnect_all_sync() (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: hci_event: Ignore multiple conn complete events (David Marlin) [RHEL-137111] {CVE-2023-53762}
Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137678] {CVE-2025-40304}
gfs2: Fix duplicate should_fault_in_pages() call (Andreas Gruenbacher) [RHEL-130505]
smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). (Mete Durlu) [RHEL-130012] {CVE-2025-40168}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

kernel-tools-libs-devel

4.18.0-553.105.1.el8_10

bpftool

4.18.0-553.105.1.el8_10

kernel-cross-headers

4.18.0-553.105.1.el8_10

kernel-headers

4.18.0-553.105.1.el8_10

kernel-tools

4.18.0-553.105.1.el8_10

kernel-tools-libs

4.18.0-553.105.1.el8_10

perf

4.18.0-553.105.1.el8_10

python3-perf

4.18.0-553.105.1.el8_10

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.105.1.el8_10

bpftool

4.18.0-553.105.1.el8_10

kernel

4.18.0-553.105.1.el8_10

kernel-abi-stablelists

4.18.0-553.105.1.el8_10

kernel-core

4.18.0-553.105.1.el8_10

kernel-cross-headers

4.18.0-553.105.1.el8_10

kernel-debug

4.18.0-553.105.1.el8_10

kernel-debug-core

4.18.0-553.105.1.el8_10

kernel-debug-devel

4.18.0-553.105.1.el8_10

kernel-debug-modules

4.18.0-553.105.1.el8_10

kernel-debug-modules-extra

4.18.0-553.105.1.el8_10

kernel-devel

4.18.0-553.105.1.el8_10

kernel-doc

4.18.0-553.105.1.el8_10

kernel-headers

4.18.0-553.105.1.el8_10

kernel-modules

4.18.0-553.105.1.el8_10

kernel-modules-extra

4.18.0-553.105.1.el8_10

kernel-tools

4.18.0-553.105.1.el8_10

kernel-tools-libs

4.18.0-553.105.1.el8_10

perf

4.18.0-553.105.1.el8_10

python3-perf

4.18.0-553.105.1.el8_10

Связанные CVE

CVE-2023-53762

CVE-2025-40168

CVE-2025-40304

Ссылки на источники

Связанные уязвимости

RLSA-2026:2720

rocky

28 дней назад

Moderate: kernel security update

CVE-2023-53762

ubuntu

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over the list backwards to ensure the links are cleanup before its parents, also it no longer relies on a cursor, instead it always uses the last element since hci_abort_conn_sync is guaranteed to call hci_conn_del. UAF crash log: ================================================================== BUG: KASAN: slab-use-after-free in hci_set_powered_sync (net/bluetooth/hci_sync.c:5424) [bluetooth] Read of size 8 at addr ffff888009d9c000 by task kworker/u9:0/124 CPU: 0 PID: 124 Comm: kworker/u9:0 Tainted: G W 6.5.0-rc1+ #10 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014 Workqueue: hci0 hci_cmd_sync_work [bluetooth] Call Trace: <TASK> dump_stack_lvl+0x5b/...

CVE-2023-53762

CVSS3: 7

redhat

4 месяца назад

CVE-2023-53762

nvd

4 месяца назад

CVE-2023-53762

debian

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: B ...