ELSA-2026-4759

Опубликовано: 17 мар. 2026

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2026-4759: kernel security update (MODERATE)

[5.14.0-611.41.1]

Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-611.41.1]

net: vxlan: prevent NULL deref in vxlan_xmit_one (Antoine Tenart) [RHEL-133369]
ACPI: PRM: Reduce unnecessary printing to avoid user confusion (Mark Langsdorf) [RHEL-123057]

[5.14.0-611.40.1]

s390/pci: Allow automatic recovery with minimal driver support (CKI Backport Bot) [RHEL-118881]
mm/hugetlb: ignore hugepage kernel args if hugepages are unsupported (Luiz Capitulino) [RHEL-143846]

[5.14.0-611.39.1]

HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save (CKI Backport Bot) [RHEL-142232] {CVE-2025-39818}

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

kernel-cross-headers

5.14.0-611.41.1.el9_7

kernel-tools-libs-devel

5.14.0-611.41.1.el9_7

libperf

5.14.0-611.41.1.el9_7

kernel-tools-libs

5.14.0-611.41.1.el9_7

kernel-headers

5.14.0-611.41.1.el9_7

perf

5.14.0-611.41.1.el9_7

python3-perf

5.14.0-611.41.1.el9_7

rtla

5.14.0-611.41.1.el9_7

kernel-tools

5.14.0-611.41.1.el9_7

Oracle Linux x86_64

kernel

5.14.0-611.41.1.el9_7

kernel-abi-stablelists

5.14.0-611.41.1.el9_7

kernel-core

5.14.0-611.41.1.el9_7

kernel-debug

5.14.0-611.41.1.el9_7

kernel-debug-core

5.14.0-611.41.1.el9_7

kernel-debug-modules

5.14.0-611.41.1.el9_7

kernel-debug-modules-core

5.14.0-611.41.1.el9_7

kernel-debug-modules-extra

5.14.0-611.41.1.el9_7

kernel-debug-uki-virt

5.14.0-611.41.1.el9_7

kernel-modules

5.14.0-611.41.1.el9_7

kernel-modules-core

5.14.0-611.41.1.el9_7

kernel-modules-extra

5.14.0-611.41.1.el9_7

kernel-tools

5.14.0-611.41.1.el9_7

kernel-tools-libs

5.14.0-611.41.1.el9_7

kernel-uki-virt

5.14.0-611.41.1.el9_7

kernel-uki-virt-addons

5.14.0-611.41.1.el9_7

kernel-debug-devel

5.14.0-611.41.1.el9_7

kernel-debug-devel-matched

5.14.0-611.41.1.el9_7

kernel-devel

5.14.0-611.41.1.el9_7

kernel-devel-matched

5.14.0-611.41.1.el9_7

kernel-doc

5.14.0-611.41.1.el9_7

kernel-headers

5.14.0-611.41.1.el9_7

perf

5.14.0-611.41.1.el9_7

python3-perf

5.14.0-611.41.1.el9_7

rtla

5.14.0-611.41.1.el9_7

kernel-cross-headers

5.14.0-611.41.1.el9_7

kernel-tools-libs-devel

5.14.0-611.41.1.el9_7

libperf

5.14.0-611.41.1.el9_7

Связанные CVE

CVE-2025-39818

CVE-2025-68800

Ссылки на источники

Связанные уязвимости

CVE-2025-39818

CVSS3: 7.8

ubuntu

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in _regmap_bulk_read+0x449/0x510 Write of size 4 at addr ffff888136005dc0 by task kworker/u33:5/5107 CPU: 3 UID: 0 PID: 5107 Comm: kworker/u33:5 Not tainted 6.16.0+ #3 PREEMPT(voluntary) Workqueue: async async_run_entry_fn Call Trace: <TASK> dump_stack_lvl+0x76/0xa0 print_report+0xd1/0x660 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? kasan_complete_mode_report_info+0x26/0x200 kasan_report+0xe1/0x120 ? _regmap_bulk_read+0x449/0x510 ? _regmap_bulk_read+0x449/0x510 __asan_report_store4_noabort+0x17/0x30 _regmap_bulk_read+0x449/0x510 ? __pfx__regmap_bulk_read+0x10/0x10 regmap_bulk_read+0x270/0x3d0 pio_complete+0x1ee/0x2c0 [intel_thc] ? __pfx_pio_complete+0x10/0x10 [intel_thc] ? __pfx_pio_wait+0x10/0x10 [intel_th...

CVE-2025-39818

CVSS3: 5.5

redhat

6 месяцев назад

CVE-2025-39818

CVSS3: 7.8

nvd

6 месяцев назад

CVE-2025-39818

CVSS3: 7.8

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: H ...

CVE-2025-68800

ubuntu

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver periodically traverses it in order to update the kernel about multicast route stats that were queried from the device. One instance of list entry deletion (during route replace) was missed and it can result in a use-after-free [1]. Fix by acquiring the mutex before deleting the entry from the list and releasing it afterwards. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum] Read of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043 CPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full) Hardware name: Mellanox Technologies Ltd. MSN2010/SA002610, BIOS 5.6.5 0...