Описание
ELSA-2026-3966: kernel security update (IMPORTANT)
[5.14.0-611.38.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.38.1]
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CKI Backport Bot) [RHEL-143194] {CVE-2025-68800}
[5.14.0-611.37.1]
- printk: Use console_is_usable on console_unblank (CKI Backport Bot) [RHEL-148302]
- printk: Check CON_SUSPEND when unblanking a console (CKI Backport Bot) [RHEL-148302]
- printk: Avoid irq_work for printk_deferred() on suspend (CKI Backport Bot) [RHEL-148302]
- printk: Avoid scheduling irq_work on suspend (CKI Backport Bot) [RHEL-148302]
- printk: nbcon: Allow reacquire during panic (CKI Backport Bot) [RHEL-148302]
- printk: Allow printk_trigger_flush() to flush all types (CKI Backport Bot) [RHEL-148302]
- printk: nbcon: Use raw_cpu_ptr() instead of open coding (CKI Backport Bot) [RHEL-148302]
- backport 'printk: Add helper for flush type logic' and associated changes (CKI Backport Bot) [RHEL-148302]
- printk: Remove redundant deferred check in vprintk() (CKI Backport Bot) [RHEL-148302]
- printk: Introduce force_legacy_kthread() macro (CKI Backport Bot) [RHEL-148302]
- printk: Add is_printk_legacy_deferred() (CKI Backport Bot) [RHEL-148302]
- io_uring/sqpoll: don't put task_struct on tctx setup failure (Jeff Moyer) [RHEL-137988]
- io_uring: consistently use rcu semantics with sqpoll thread (Jeff Moyer) [RHEL-137988]
- io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() (Jeff Moyer) [RHEL-137988] {CVE-2025-38106}
- io_uring/sqpoll: fix sqpoll error handling races (Jeff Moyer) [RHEL-137988]
- io_uring/sqpoll: annotate debug task == current with data_race() (Jeff Moyer) [RHEL-137988]
- macvlan: fix possible UAF in macvlan_forward_source() (CKI Backport Bot) [RHEL-144125] {CVE-2026-23001}
- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (CKI Backport Bot) [RHEL-114786]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.38.1.el9_7
kernel-tools-libs-devel
5.14.0-611.38.1.el9_7
libperf
5.14.0-611.38.1.el9_7
kernel-headers
5.14.0-611.38.1.el9_7
perf
5.14.0-611.38.1.el9_7
python3-perf
5.14.0-611.38.1.el9_7
rtla
5.14.0-611.38.1.el9_7
rv
5.14.0-611.38.1.el9_7
kernel-tools
5.14.0-611.38.1.el9_7
kernel-tools-libs
5.14.0-611.38.1.el9_7
Oracle Linux x86_64
kernel
5.14.0-611.38.1.el9_7
kernel-abi-stablelists
5.14.0-611.38.1.el9_7
kernel-core
5.14.0-611.38.1.el9_7
kernel-debug
5.14.0-611.38.1.el9_7
kernel-debug-core
5.14.0-611.38.1.el9_7
kernel-debug-modules
5.14.0-611.38.1.el9_7
kernel-debug-modules-core
5.14.0-611.38.1.el9_7
kernel-debug-modules-extra
5.14.0-611.38.1.el9_7
kernel-debug-uki-virt
5.14.0-611.38.1.el9_7
kernel-modules
5.14.0-611.38.1.el9_7
kernel-modules-core
5.14.0-611.38.1.el9_7
kernel-modules-extra
5.14.0-611.38.1.el9_7
kernel-tools
5.14.0-611.38.1.el9_7
kernel-tools-libs
5.14.0-611.38.1.el9_7
kernel-uki-virt
5.14.0-611.38.1.el9_7
kernel-uki-virt-addons
5.14.0-611.38.1.el9_7
kernel-debug-devel
5.14.0-611.38.1.el9_7
kernel-debug-devel-matched
5.14.0-611.38.1.el9_7
kernel-devel
5.14.0-611.38.1.el9_7
kernel-devel-matched
5.14.0-611.38.1.el9_7
kernel-doc
5.14.0-611.38.1.el9_7
kernel-headers
5.14.0-611.38.1.el9_7
perf
5.14.0-611.38.1.el9_7
python3-perf
5.14.0-611.38.1.el9_7
rtla
5.14.0-611.38.1.el9_7
rv
5.14.0-611.38.1.el9_7
kernel-cross-headers
5.14.0-611.38.1.el9_7
kernel-tools-libs-devel
5.14.0-611.38.1.el9_7
libperf
5.14.0-611.38.1.el9_7
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_report+0xd0/0x670 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? getrusage+0x1109/0x1a60 kasan_report+0xce/0x100 ? getrusage+0x1109/0x1a60 getrusage+0x1109/0x1a60 ? __pfx_getrusage+0x10/0x10 __io_uring_show_fdinfo+0x9fe/0x1790 ? ksys_read+0xf7/0x1c0 ? do_syscall_64+0xa4/0x260 ? vsnprintf+0x591/0x1100 ? __pfx___io_uring_show_fdinfo+0x10/0x10 ? __pfx_vsnprintf+0x10/0x10 ? mutex_trylock+0xcf/0x130 ? __pfx_mutex_trylock+0x10/0x10 ? __pfx_show_fd_locks+0x10/0x10 ? io_uring_show_fdinfo+0x57/0x80 io_uri...
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_report+0xd0/0x670 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? getrusage+0x1109/0x1a60 kasan_report+0xce/0x100 ? getrusage+0x1109/0x1a60 getrusage+0x1109/0x1a60 ? __pfx_getrusage+0x10/0x10 __io_uring_show_fdinfo+0x9fe/0x1790 ? ksys_read+0xf7/0x1c0 ? do_syscall_64+0xa4/0x260 ? vsnprintf+0x591/0x1100 ? __pfx___io_uring_show_fdinfo+0x10/0x10 ? __pfx_vsnprintf+0x10/0x10 ? mutex_trylock+0xcf/0x130 ? __pfx_mutex_trylock+0x10/0x10 ? __pfx_show_fd_locks+0x10/0x10 ? io_uring_show_fdinfo+0x57/0x80 io_uri...
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_report+0xd0/0x670 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? getrusage+0x1109/0x1a60 kasan_report+0xce/0x100 ? getrusage+0x1109/0x1a60 getrusage+0x1109/0x1a60 ? __pfx_getrusage+0x10/0x10 __io_uring_show_fdinfo+0x9fe/0x1790 ? ksys_read+0xf7/0x1c0 ? do_syscall_64+0xa4/0x260 ? vsnprintf+0x591/0x1100 ? __pfx___io_uring_show_fdinfo+0x10/0x10 ? __pfx_vsnprintf+0x10/0x10 ? mutex_trylock+0xcf/0x130 ? __pfx_mutex_trylock+0x10/0x10 ? __pfx_show_fd_locks+0x10/0x10 ? io_uring_show_fdi
In the Linux kernel, the following vulnerability has been resolved: i ...