Описание
ELSA-2026-2722: kernel security update (MODERATE)
[5.14.0-611.34.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.34.1]
- scsi: storvsc: Process unsupported MODE_SENSE_10 (Li Tian) [RHEL-145183]
- smb: client: Add tracepoint for krb5 auth (Paulo Alcantara) [RHEL-127498]
- smb: client: improve error message when creating SMB session (Paulo Alcantara) [RHEL-127498]
- smb: client: relax session and tcon reconnect attempts (Paulo Alcantara) [RHEL-127498]
- cifs: #include cifsglob.h before trace.h to allow structs in tracepoints (Paulo Alcantara) [RHEL-127498]
- smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126890] {CVE-2025-40064}
[5.14.0-611.33.1]
- i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141877]
- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-128030]
- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-128030]
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Myron Stowe) [RHEL-132891] {CVE-2023-53034}
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137683] {CVE-2025-40304}
- crypto: iaa - Optimize rebalance_wq_table() (Jay Shin) [RHEL-137272]
- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136942] {CVE-2025-40322}
- bpf: Do not audit capability check in do_jit() (Jay Shin) [RHEL-135137]
[5.14.0-611.32.1]
- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142790] {CVE-2025-68811}
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140260] {CVE-2025-68349}
[5.14.0-611.31.1]
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144332] {CVE-2026-22998}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.34.1.el9_7
kernel-tools-libs-devel
5.14.0-611.34.1.el9_7
libperf
5.14.0-611.34.1.el9_7
kernel-headers
5.14.0-611.34.1.el9_7
perf
5.14.0-611.34.1.el9_7
python3-perf
5.14.0-611.34.1.el9_7
rtla
5.14.0-611.34.1.el9_7
rv
5.14.0-611.34.1.el9_7
kernel-tools
5.14.0-611.34.1.el9_7
kernel-tools-libs
5.14.0-611.34.1.el9_7
Oracle Linux x86_64
kernel
5.14.0-611.34.1.el9_7
kernel-abi-stablelists
5.14.0-611.34.1.el9_7
kernel-core
5.14.0-611.34.1.el9_7
kernel-debug
5.14.0-611.34.1.el9_7
kernel-debug-core
5.14.0-611.34.1.el9_7
kernel-debug-modules
5.14.0-611.34.1.el9_7
kernel-debug-modules-core
5.14.0-611.34.1.el9_7
kernel-debug-modules-extra
5.14.0-611.34.1.el9_7
kernel-debug-uki-virt
5.14.0-611.34.1.el9_7
kernel-modules
5.14.0-611.34.1.el9_7
kernel-modules-core
5.14.0-611.34.1.el9_7
kernel-modules-extra
5.14.0-611.34.1.el9_7
kernel-tools
5.14.0-611.34.1.el9_7
kernel-tools-libs
5.14.0-611.34.1.el9_7
kernel-uki-virt
5.14.0-611.34.1.el9_7
kernel-uki-virt-addons
5.14.0-611.34.1.el9_7
kernel-debug-devel
5.14.0-611.34.1.el9_7
kernel-debug-devel-matched
5.14.0-611.34.1.el9_7
kernel-devel
5.14.0-611.34.1.el9_7
kernel-devel-matched
5.14.0-611.34.1.el9_7
kernel-doc
5.14.0-611.34.1.el9_7
kernel-headers
5.14.0-611.34.1.el9_7
perf
5.14.0-611.34.1.el9_7
python3-perf
5.14.0-611.34.1.el9_7
rtla
5.14.0-611.34.1.el9_7
rv
5.14.0-611.34.1.el9_7
kernel-cross-headers
5.14.0-611.34.1.el9_7
kernel-tools-libs-devel
5.14.0-611.34.1.el9_7
libperf
5.14.0-611.34.1.el9_7
Ссылки на источники
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.