Описание
ELSA-2026-3083: kernel security update (IMPORTANT)
[4.18.0-553.107.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.107.1]
- autofs: use wake_up() instead of wake_up_interruptible(() (Ian Kent) [RHEL-143685]
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Ian Kent) [RHEL-143685] {CVE-2023-54134}
- i40e: validate ring_len parameter against hardware-specific values (CKI Backport Bot) [RHEL-141709]
- xfs: set max_agbno to allow sparse alloc of last full inode chunk (Brian Foster) [RHEL-136693]
- audit: merge loops in __audit_inode_child() (Ricardo Robaina) [RHEL-140442]
[4.18.0-553.106.1]
- bridge: mcast: Fix use-after-free during router port configuration (Mohammad Heib) [RHEL-138422] {CVE-2025-38248}
- net/sched: Enforce that teql can only be used as root qdisc (CKI Backport Bot) [RHEL-146992] {CVE-2026-23074}
- page_pool: Fix use-after-free in page_pool_recycle_in_ring (Marc Milgram) [RHEL-137838] {CVE-2025-38129}
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CKI Backport Bot) [RHEL-143189] {CVE-2025-68800}
- smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126886] {CVE-2025-40064}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-tools-libs-devel
4.18.0-553.107.1.el8_10
bpftool
4.18.0-553.107.1.el8_10
kernel-cross-headers
4.18.0-553.107.1.el8_10
kernel-headers
4.18.0-553.107.1.el8_10
kernel-tools
4.18.0-553.107.1.el8_10
kernel-tools-libs
4.18.0-553.107.1.el8_10
perf
4.18.0-553.107.1.el8_10
python3-perf
4.18.0-553.107.1.el8_10
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.107.1.el8_10
bpftool
4.18.0-553.107.1.el8_10
kernel
4.18.0-553.107.1.el8_10
kernel-abi-stablelists
4.18.0-553.107.1.el8_10
kernel-core
4.18.0-553.107.1.el8_10
kernel-cross-headers
4.18.0-553.107.1.el8_10
kernel-debug
4.18.0-553.107.1.el8_10
kernel-debug-core
4.18.0-553.107.1.el8_10
kernel-debug-devel
4.18.0-553.107.1.el8_10
kernel-debug-modules
4.18.0-553.107.1.el8_10
kernel-debug-modules-extra
4.18.0-553.107.1.el8_10
kernel-devel
4.18.0-553.107.1.el8_10
kernel-doc
4.18.0-553.107.1.el8_10
kernel-headers
4.18.0-553.107.1.el8_10
kernel-modules
4.18.0-553.107.1.el8_10
kernel-modules-extra
4.18.0-553.107.1.el8_10
kernel-tools
4.18.0-553.107.1.el8_10
kernel-tools-libs
4.18.0-553.107.1.el8_10
perf
4.18.0-553.107.1.el8_10
python3-perf
4.18.0-553.107.1.el8_10
Ссылки на источники
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396...
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396...
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spi
In the Linux kernel, the following vulnerability has been resolved: p ...