Описание
ELSA-2026-6570: kernel security update (MODERATE)
[5.14.0-611.47.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
[5.14.0-611.47.1]
- net/mlx5: Fix ECVF vports unload on shutdown flow (CKI Backport Bot) [RHEL-154537] {CVE-2025-38109}
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (CKI Backport Bot) [RHEL-153269] {CVE-2026-23231}
- ice: Fix PTP NULL pointer dereference during VSI rebuild (CKI Backport Bot) [RHEL-150245] {CVE-2026-23210}
- netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CKI Backport Bot) [RHEL-149748] {CVE-2026-23111}
[5.14.0-611.46.1]
- ice: fix page leak for zero-size Rx descriptors (CKI Backport Bot) [RHEL-154094]
- net: mana: Reduce waiting time if HWC not responding (Maxim Levitsky) [RHEL-92243]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
kernel-cross-headers
5.14.0-611.47.1.el9_7
kernel-tools-libs-devel
5.14.0-611.47.1.el9_7
libperf
5.14.0-611.47.1.el9_7
kernel-tools
5.14.0-611.47.1.el9_7
kernel-headers
5.14.0-611.47.1.el9_7
perf
5.14.0-611.47.1.el9_7
python3-perf
5.14.0-611.47.1.el9_7
rtla
5.14.0-611.47.1.el9_7
rv
5.14.0-611.47.1.el9_7
kernel-tools-libs
5.14.0-611.47.1.el9_7
Oracle Linux x86_64
kernel
5.14.0-611.47.1.el9_7
kernel-abi-stablelists
5.14.0-611.47.1.el9_7
kernel-core
5.14.0-611.47.1.el9_7
kernel-debug
5.14.0-611.47.1.el9_7
kernel-debug-modules
5.14.0-611.47.1.el9_7
kernel-debug-modules-core
5.14.0-611.47.1.el9_7
kernel-modules-core
5.14.0-611.47.1.el9_7
kernel-tools
5.14.0-611.47.1.el9_7
kernel-tools-libs
5.14.0-611.47.1.el9_7
kernel-uki-virt
5.14.0-611.47.1.el9_7
kernel-debug-devel
5.14.0-611.47.1.el9_7
kernel-debug-devel-matched
5.14.0-611.47.1.el9_7
kernel-devel
5.14.0-611.47.1.el9_7
kernel-devel-matched
5.14.0-611.47.1.el9_7
kernel-doc
5.14.0-611.47.1.el9_7
kernel-headers
5.14.0-611.47.1.el9_7
perf
5.14.0-611.47.1.el9_7
python3-perf
5.14.0-611.47.1.el9_7
rtla
5.14.0-611.47.1.el9_7
rv
5.14.0-611.47.1.el9_7
kernel-cross-headers
5.14.0-611.47.1.el9_7
kernel-tools-libs-devel
5.14.0-611.47.1.el9_7
libperf
5.14.0-611.47.1.el9_7
kernel-debug-core
5.14.0-611.47.1.el9_7
kernel-debug-modules-extra
5.14.0-611.47.1.el9_7
kernel-debug-uki-virt
5.14.0-611.47.1.el9_7
kernel-modules
5.14.0-611.47.1.el9_7
kernel-modules-extra
5.14.0-611.47.1.el9_7
kernel-uki-virt-addons
5.14.0-611.47.1.el9_7
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not properly destroyed. ECVF functionality is independent of ecpf_vport_exists capability and thus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not test it when enabling/disabling ECVF vports. kernel log: [] refcount_t: underflow; use-after-free. [] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0x124/0x220 ---------------- [] Call trace: [] refcount_warn_saturate+0x124/0x220 [] tree_put_node+0x164/0x1e0 [mlx5_core] [] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core] [] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core] [] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core] [] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core] [] esw_vport_cleanup+0x64/0x90 [mlx5_core] [] mlx5_esw_vp...
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not properly destroyed. ECVF functionality is independent of ecpf_vport_exists capability and thus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not test it when enabling/disabling ECVF vports. kernel log: [] refcount_t: underflow; use-after-free. [] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0x124/0x220 ---------------- [] Call trace: [] refcount_warn_saturate+0x124/0x220 [] tree_put_node+0x164/0x1e0 [mlx5_core] [] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core] [] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core] [] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core] [] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core] [] esw_vport_cleanup+0x64/0x90 [mlx5_core] [] mlx5_esw_vp...
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not properly destroyed. ECVF functionality is independent of ecpf_vport_exists capability and thus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not test it when enabling/disabling ECVF vports. kernel log: [] refcount_t: underflow; use-after-free. [] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0x124/0x220 ---------------- [] Call trace: [] refcount_warn_saturate+0x124/0x220 [] tree_put_node+0x164/0x1e0 [mlx5_core] [] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core] [] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core] [] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core] [] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core] [] esw_vport_cleanup+0x64/0x90 [mlx5_core] [] mlx5_es
