ELSA-2026-3963

Опубликовано: 09 мар. 2026

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2026-3963: kernel security update (IMPORTANT)

[4.18.0-553.111.1]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.111.1]

macvlan: fix possible UAF in macvlan_forward_source() (Hangbin Liu) [RHEL-144120] {CVE-2026-23001}

[4.18.0-553.110.1]

pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN (Olga Kornievskaia) [RHEL-131922]
fbcon: Avoid using FNTCHARCNT() and hard-coded built-in font charcount (Jocelyn Falempe) [RHEL-148636]
audit: Use the new {get,put}_fs_pwd_pool() APIs to get/put pwd references (Waiman Long) [RHEL-146026]
fs: Add a pool of extra fs->pwd references to fs_struct (Waiman Long) [RHEL-146026]
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143535] {CVE-2025-71085}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

kernel-tools-libs-devel

4.18.0-553.111.1.el8_10

bpftool

4.18.0-553.111.1.el8_10

kernel-cross-headers

4.18.0-553.111.1.el8_10

kernel-headers

4.18.0-553.111.1.el8_10

kernel-tools

4.18.0-553.111.1.el8_10

kernel-tools-libs

4.18.0-553.111.1.el8_10

perf

4.18.0-553.111.1.el8_10

python3-perf

4.18.0-553.111.1.el8_10

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.111.1.el8_10

bpftool

4.18.0-553.111.1.el8_10

kernel

4.18.0-553.111.1.el8_10

kernel-abi-stablelists

4.18.0-553.111.1.el8_10

kernel-core

4.18.0-553.111.1.el8_10

kernel-cross-headers

4.18.0-553.111.1.el8_10

kernel-debug

4.18.0-553.111.1.el8_10

kernel-debug-core

4.18.0-553.111.1.el8_10

kernel-debug-devel

4.18.0-553.111.1.el8_10

kernel-debug-modules

4.18.0-553.111.1.el8_10

kernel-debug-modules-extra

4.18.0-553.111.1.el8_10

kernel-devel

4.18.0-553.111.1.el8_10

kernel-doc

4.18.0-553.111.1.el8_10

kernel-headers

4.18.0-553.111.1.el8_10

kernel-modules

4.18.0-553.111.1.el8_10

kernel-modules-extra

4.18.0-553.111.1.el8_10

kernel-tools

4.18.0-553.111.1.el8_10

kernel-tools-libs

4.18.0-553.111.1.el8_10

perf

4.18.0-553.111.1.el8_10

python3-perf

4.18.0-553.111.1.el8_10

Связанные CVE

CVE-2025-71085

CVE-2026-23001

Ссылки на источники

Связанные уязвимости

ELSA-2026-4012

oracle-oval

16 дней назад

ELSA-2026-4012: kernel security update (IMPORTANT)

CVE-2026-23001

ubuntu

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

CVE-2026-23001

CVSS3: 7.8

redhat

2 месяца назад

CVE-2026-23001

nvd

около 2 месяцев назад

CVE-2026-23001

debian

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...