ELSA-2026-6571

Опубликовано: 07 апр. 2026

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2026-6571: kernel security update (MODERATE)

[4.18.0-553.117.1]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.117.1]

nvme-pci: do not directly handle subsys reset fallout (Maurizio Lombardi) [RHEL-136436]
scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150417] {CVE-2026-23193}

[4.18.0-553.116.1]

nouveau: fix instmem race condition around ptr stores (Lyude Paul) [RHEL-111846] {CVE-2024-26984}
s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (Mete Durlu) [RHEL-157930]
NFSv4/flexfiles: Fix layout merge mirror check. (Mike Snitzer) [RHEL-157242]
flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (Mike Snitzer) [RHEL-157242]
pnfs/flexfiles: retry getting layout segment for reads (Mike Snitzer) [RHEL-157242]
pNFS/flexfiles: don't attempt pnfs on fatal DS errors (Mike Snitzer) [RHEL-157242]
NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Mike Snitzer) [RHEL-157242]
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Mike Snitzer) [RHEL-157242]
pNFS/flexfiles: Record the RPC errors in the I/O tracepoints (Mike Snitzer) [RHEL-157242]
NFSv4/pnfs: Layoutreturn on close must handle fatal networking errors (Mike Snitzer) [RHEL-157242]
NFSv4: Handle fatal ENETDOWN and ENETUNREACH errors (Mike Snitzer) [RHEL-157242]
pNFS/flexfiles: Report ENETDOWN as a connection error (Mike Snitzer) [RHEL-157242]
pNFS/flexfiles: Treat ENETUNREACH errors as fatal in containers (Mike Snitzer) [RHEL-157242]
NFS: Treat ENETUNREACH errors as fatal in containers (Mike Snitzer) [RHEL-157242]
NFS: Add a mount option to make ENETUNREACH errors fatal (Mike Snitzer) [RHEL-157242]
NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Mike Snitzer) [RHEL-157242]
SUNRPC: ECONNRESET might require a rebind (Mike Snitzer) [RHEL-157242]
NFS/pNFS: Set the connect timeout for the pNFS flexfiles driver (Mike Snitzer) [RHEL-157242]
SUNRPC: Don't override connect timeouts in rpc_clnt_add_xprt() (Mike Snitzer) [RHEL-157242]
SUNRPC: Allow specification of TCP client connect timeout at setup (Mike Snitzer) [RHEL-157242]
SUNRPC: Refactor and simplify connect timeout (Mike Snitzer) [RHEL-157242]
SUNRPC: Set the TCP_SYNCNT to match the socket timeout (Mike Snitzer) [RHEL-157242]
NFS: discard NFS_RPC_SWAPFLAGS and RPC_TASK_ROOTCREDS (Mike Snitzer) [RHEL-157242]
NFS: O_DIRECT writes must check and adjust the file length (Mike Snitzer) [RHEL-156419]
nfs: properly protect nfs_direct_req fields (Mike Snitzer) [RHEL-156419]
pNFS: Fix the pnfs block driver's calculation of layoutget size (Mike Snitzer) [RHEL-156419]
NFS: More fixes for nfs_direct_write_reschedule_io() (Mike Snitzer) [RHEL-156419]
NFS: Use the correct commit info in nfs_join_page_group() (Mike Snitzer) [RHEL-156419]
NFS: More O_DIRECT accounting fixes for error paths (Mike Snitzer) [RHEL-156419]
NFS: Fix O_DIRECT locking issues (Mike Snitzer) [RHEL-156419]
NFS: Fix error handling for O_DIRECT write scheduling (Mike Snitzer) [RHEL-156419]
NFS: Fix a potential data corruption (Mike Snitzer) [RHEL-156419]
NFS: Fix a use after free in nfs_direct_join_group() (Mike Snitzer) [RHEL-156419]
NFS: Clean up O_DIRECT request allocation (Mike Snitzer) [RHEL-156419]
NFS: add nfs_page_create and nfs_page_assign_page as backport prereq (Mike Snitzer) [RHEL-156419]
nfs: only issue commit in DIO codepath if we have uncommitted data (Mike Snitzer) [RHEL-156419]
nfs: always check dreq->error after a commit (Mike Snitzer) [RHEL-156419]
nfs: add new nfs_direct_req tracepoint events (Mike Snitzer) [RHEL-156419]
scsi: qla2xxx: Fix bsg_done() causing double free (Ewan D. Milne) [RHEL-153405] {CVE-2025-71238}
netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (Florian Westphal) [RHEL-153264] {CVE-2026-23231}
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Mark Langsdorf) [RHEL-123942]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

kernel-tools-libs-devel

4.18.0-553.117.1.el8_10

bpftool

4.18.0-553.117.1.el8_10

kernel-cross-headers

4.18.0-553.117.1.el8_10

kernel-headers

4.18.0-553.117.1.el8_10

kernel-tools

4.18.0-553.117.1.el8_10

kernel-tools-libs

4.18.0-553.117.1.el8_10

perf

4.18.0-553.117.1.el8_10

python3-perf

4.18.0-553.117.1.el8_10

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.117.1.el8_10

bpftool

4.18.0-553.117.1.el8_10

kernel

4.18.0-553.117.1.el8_10

kernel-abi-stablelists

4.18.0-553.117.1.el8_10

kernel-core

4.18.0-553.117.1.el8_10

kernel-cross-headers

4.18.0-553.117.1.el8_10

kernel-debug

4.18.0-553.117.1.el8_10

kernel-debug-core

4.18.0-553.117.1.el8_10

kernel-debug-devel

4.18.0-553.117.1.el8_10

kernel-debug-modules

4.18.0-553.117.1.el8_10

kernel-debug-modules-extra

4.18.0-553.117.1.el8_10

kernel-devel

4.18.0-553.117.1.el8_10

kernel-doc

4.18.0-553.117.1.el8_10

kernel-headers

4.18.0-553.117.1.el8_10

kernel-modules

4.18.0-553.117.1.el8_10

kernel-modules-extra

4.18.0-553.117.1.el8_10

kernel-tools

4.18.0-553.117.1.el8_10

kernel-tools-libs

4.18.0-553.117.1.el8_10

perf

4.18.0-553.117.1.el8_10

python3-perf

4.18.0-553.117.1.el8_10

Связанные CVE

Ссылки на источники

Связанные уязвимости

RLSA-2026:6571

rocky

2 месяца назад

Moderate: kernel security update

CVE-2024-26984

CVSS3: 5.5

ubuntu

около 2 лет назад

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 RIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] Code: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee <48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1 RSP: 0000:ffffac20c5857838 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001 RDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180 RBP: 0...

CVE-2024-26984

CVSS3: 5.5

redhat

около 2 лет назад

CVE-2024-26984

CVSS3: 5.5

nvd

около 2 лет назад

CVE-2024-26984

CVSS3: 5.5

msrc

около 2 лет назад

Описание отсутствует