Описание
ELSA-2026-6153: kernel security update (MODERATE)
[5.14.0-611.45.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.45.1]
- net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204}
- net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403]
- iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264]
[5.14.0-611.44.1]
- nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551]
- redhat: genlog: add new JIRA cloud server hostname (Jan Stancek)
- smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395]
- cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395]
- smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
- smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395]
- bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171}
- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226]
- macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209}
- dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764]
- scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736]
[5.14.0-611.43.1]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193}
- ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191}
- net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180}
- net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323}
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttila) [RHEL-125460] {CVE-2025-40096}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.45.1.el9_7
kernel-tools-libs-devel
5.14.0-611.45.1.el9_7
libperf
5.14.0-611.45.1.el9_7
kernel-headers
5.14.0-611.45.1.el9_7
perf
5.14.0-611.45.1.el9_7
python3-perf
5.14.0-611.45.1.el9_7
rtla
5.14.0-611.45.1.el9_7
rv
5.14.0-611.45.1.el9_7
kernel-tools
5.14.0-611.45.1.el9_7
kernel-tools-libs
5.14.0-611.45.1.el9_7
Oracle Linux x86_64
kernel-core
5.14.0-611.45.1.el9_7
kernel-debug
5.14.0-611.45.1.el9_7
kernel-debug-core
5.14.0-611.45.1.el9_7
kernel-debug-modules
5.14.0-611.45.1.el9_7
kernel-debug-modules-core
5.14.0-611.45.1.el9_7
kernel-modules-extra
5.14.0-611.45.1.el9_7
kernel-tools
5.14.0-611.45.1.el9_7
kernel-uki-virt
5.14.0-611.45.1.el9_7
kernel-debug-devel
5.14.0-611.45.1.el9_7
kernel-debug-devel-matched
5.14.0-611.45.1.el9_7
kernel-devel
5.14.0-611.45.1.el9_7
kernel-devel-matched
5.14.0-611.45.1.el9_7
kernel-doc
5.14.0-611.45.1.el9_7
kernel-headers
5.14.0-611.45.1.el9_7
perf
5.14.0-611.45.1.el9_7
python3-perf
5.14.0-611.45.1.el9_7
rtla
5.14.0-611.45.1.el9_7
rv
5.14.0-611.45.1.el9_7
kernel-cross-headers
5.14.0-611.45.1.el9_7
kernel-tools-libs-devel
5.14.0-611.45.1.el9_7
libperf
5.14.0-611.45.1.el9_7
kernel
5.14.0-611.45.1.el9_7
kernel-abi-stablelists
5.14.0-611.45.1.el9_7
kernel-debug-modules-extra
5.14.0-611.45.1.el9_7
kernel-debug-uki-virt
5.14.0-611.45.1.el9_7
kernel-modules
5.14.0-611.45.1.el9_7
kernel-modules-core
5.14.0-611.45.1.el9_7
kernel-tools-libs
5.14.0-611.45.1.el9_7
kernel-uki-virt-addons
5.14.0-611.45.1.el9_7
Ссылки на источники
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
