Описание
ELSA-2026-3488: kernel security update (MODERATE)
[5.14.0-611.36.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.36.1]
- net/smc: Remove validation of reserved bits in CLC Decline message (Mete Durlu) [RHEL-143718]
- autofs: dont trigger mount if it cant succeed (Ian Kent) [RHEL-149495]
- migrate: correct lock ordering for hugetlb file folios (Luiz Capitulino) [RHEL-147266] {CVE-2026-23097}
- ice: PTP: fix missing timestamps on E825 hardware (CKI Backport Bot) [RHEL-148166]
- fou: Don't allow 0 for FOU_ATTR_IPPROTO. (Xin Long) [RHEL-144987]
- tools: ynl: Specify --no-line-number in ynl-regen.sh. (Xin Long) [RHEL-144987]
- gue: Fix skb memleak with inner IP protocol 0. (Xin Long) [RHEL-144987]
- netlink: specs: fou: replace underscores with dashes in names (Xin Long) [RHEL-144987]
- fou: fix initialization of grc (Xin Long) [RHEL-144987]
- fou: Fix null-ptr-deref in GRO. (Xin Long) [RHEL-144987]
- fou: remove warn in gue_gro_receive on unsupported protocol (Xin Long) [RHEL-144987]
- fou: Remove XRFM from NET_FOU Kconfig (Xin Long) [RHEL-144987]
- fou: remove sparse errors (Xin Long) [RHEL-144987]
- redhat: enable FOU modules in kernel-modules-extra (Xin Long) [RHEL-144987]
- s390/mm: Fix __ptep_rdp() inline assembly (Mete Durlu) [RHEL-143713]
- dpll: expose fractional frequency offset in ppt (Ivan Vecera) [RHEL-146357]
- dpll: zl3073x: Implement device mode setting support (Ivan Vecera) [RHEL-147459]
- dpll: add dpll_device op to set working mode (Ivan Vecera) [RHEL-147459]
- dpll: add dpll_device op to get supported modes (Ivan Vecera) [RHEL-147459]
- i40e: add rh_phys_port_name mod option to behave like upstream (CKI Backport Bot) [RHEL-128237]
- ice: add rh_phys_port_name mod option to behave like upstream (CKI Backport Bot) [RHEL-128237]
- scsi: qla2xxx: Fix bsg_done() causing double free (Ewan D. Milne) [RHEL-146049]
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143545] {CVE-2025-71085}
- tick/sched: Limit non-timekeeper CPUs calling jiffies update (Phil Auld) [RHEL-141462]
- smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). (Mete Durlu) [RHEL-130017] {CVE-2025-40168}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.36.1.el9_7
kernel-tools-libs-devel
5.14.0-611.36.1.el9_7
libperf
5.14.0-611.36.1.el9_7
kernel-tools
5.14.0-611.36.1.el9_7
kernel-tools-libs
5.14.0-611.36.1.el9_7
kernel-headers
5.14.0-611.36.1.el9_7
perf
5.14.0-611.36.1.el9_7
python3-perf
5.14.0-611.36.1.el9_7
rtla
5.14.0-611.36.1.el9_7
rv
5.14.0-611.36.1.el9_7
Oracle Linux x86_64
kernel-debug-devel
5.14.0-611.36.1.el9_7
kernel-debug-devel-matched
5.14.0-611.36.1.el9_7
kernel-devel
5.14.0-611.36.1.el9_7
kernel-devel-matched
5.14.0-611.36.1.el9_7
kernel-doc
5.14.0-611.36.1.el9_7
kernel-headers
5.14.0-611.36.1.el9_7
perf
5.14.0-611.36.1.el9_7
python3-perf
5.14.0-611.36.1.el9_7
rtla
5.14.0-611.36.1.el9_7
rv
5.14.0-611.36.1.el9_7
kernel-cross-headers
5.14.0-611.36.1.el9_7
kernel-tools-libs-devel
5.14.0-611.36.1.el9_7
libperf
5.14.0-611.36.1.el9_7
kernel
5.14.0-611.36.1.el9_7
kernel-abi-stablelists
5.14.0-611.36.1.el9_7
kernel-core
5.14.0-611.36.1.el9_7
kernel-debug
5.14.0-611.36.1.el9_7
kernel-debug-core
5.14.0-611.36.1.el9_7
kernel-debug-modules
5.14.0-611.36.1.el9_7
kernel-debug-modules-core
5.14.0-611.36.1.el9_7
kernel-debug-modules-extra
5.14.0-611.36.1.el9_7
kernel-debug-uki-virt
5.14.0-611.36.1.el9_7
kernel-modules
5.14.0-611.36.1.el9_7
kernel-modules-core
5.14.0-611.36.1.el9_7
kernel-modules-extra
5.14.0-611.36.1.el9_7
kernel-tools
5.14.0-611.36.1.el9_7
kernel-tools-libs
5.14.0-611.36.1.el9_7
kernel-uki-virt
5.14.0-611.36.1.el9_7
kernel-uki-virt-addons
5.14.0-611.36.1.el9_7
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.
