ELSA-2026-50387 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-37435 Important: Oracle Linux 9 golang security, bug fix, and enhancement update
ELSA-2026-37410 Important: Oracle Linux 9 buildah security update
ELSA-2026-37123 Important: Oracle Linux 9 podman security, bug fix, and enhancement update
ELSA-2026-37207 Important: Oracle Linux 9 freerdp security update
ELSA-2026-37129 Important: Oracle Linux 9 gstreamer1-plugins-good security update
ELSA-2026-36879 Important: Oracle Linux 9 tomcat security, bug fix, and enhancement update
ELSA-2026-36834 Important: Oracle Linux 9 gstreamer1-plugins-bad-free security update
ELSA-2026-36777 Important: Oracle Linux 9 unbound security update
ELSA-2026-36674 Moderate: Oracle Linux 9 gstreamer1-plugins-ugly-free security update
ELSA-2026-36018 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
ELSA-2026-36639 Important: Oracle Linux 9 nginx:1.26 security, bug fix, and enhancement update
ELSA-2026-36618 Important: Oracle Linux 9 nginx:1.24 security, bug fix, and enhancement update
ELSA-2026-26567 Moderate: Oracle Linux 7 libexif security update
ELBA-2026-36723 Oracle Linux 8 gnome-shell-extensions bug fix and enhancement update
ELSA-2026-36617 Important: Oracle Linux 9 oci-seccomp-bpf-hook security update
ELSA-2026-35891 Important: Oracle Linux 9 nodejs:24 security, bug fix, and enhancement update
ELSA-2026-35892 Important: Oracle Linux 9 nodejs:22 security, bug fix, and enhancement update
ELSA-2026-26204 Important: Oracle Linux 9 postgresql:18 security update
ELSA-2026-50387 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-50388 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2026-50378 Oracle Linux 9 fips-provider-next bug fix update
ELSA-2026-50387 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-36734 Low: Oracle Linux 8 libxml2 security update
ELBA-2026-25921 Oracle Linux 8 scap-security-guide bug fix and enhancement update
ELSA-2026-36728 Low: Oracle Linux 8 libtasn1 security update
ELSA-2026-37282 Important: Oracle Linux 8 unbound security update
ELSA-2026-37137 Important: Oracle Linux 8 tomcat security, bug fix, and enhancement update
ELSA-2026-36733 Moderate: Oracle Linux 8 cups security update
ELSA-2026-37130 Important: Oracle Linux 8 gstreamer1-plugins-bad-free security update
ELSA-2026-36774 Important: Oracle Linux 8 gstreamer1-plugins-good security update
ELSA-2026-36732 Moderate: Oracle Linux 8 python-urllib3 security update
ELSA-2026-36730 Moderate: Oracle Linux 8 libsolv security update
ELSA-2026-36201 Important: Oracle Linux 8 389-ds:1.4 security update
ELSA-2026-50388 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-36721 Moderate: Oracle Linux 8 edk2 security, bug fix, and enhancement update
ELSA-2026-50388 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2026-36731 Oracle Linux 8 libusbx bug fix and enhancement update
ELBA-2026-36725 Oracle Linux 8 nfs-utils bug fix and enhancement update
ELSA-2026-35830 Important: Oracle Linux 8 grafana security update
ELBA-2026-36724 Oracle Linux 8 gdm and gnome-shell bug fix and enhancement update
New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2026-50319)
ELSA-2026-50387 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50387
http://linux.oracle.com/errata/ELSA-2026-50387.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-322.203.3.3.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-322.203.3.3.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-322.203.3.3.el9uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-322.203.3.3.el9uek.src.rpm
Related CVEs:
CVE-2026-43499
Description of changes:
[5.15.0-322.203.3.3]
- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706512]
- rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706512] {CVE-2026-43499}
ELSA-2026-37435 Important: Oracle Linux 9 golang security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-37435
http://linux.oracle.com/errata/ELSA-2026-37435.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
go-toolset-1.26.5-1.0.1.el9_8.x86_64.rpm
golang-1.26.5-1.0.1.el9_8.x86_64.rpm
golang-bin-1.26.5-1.0.1.el9_8.x86_64.rpm
golang-docs-1.26.5-1.0.1.el9_8.noarch.rpm
golang-misc-1.26.5-1.0.1.el9_8.noarch.rpm
golang-race-1.26.5-1.0.1.el9_8.x86_64.rpm
golang-src-1.26.5-1.0.1.el9_8.noarch.rpm
golang-tests-1.26.5-1.0.1.el9_8.noarch.rpm
aarch64:
go-toolset-1.26.5-1.0.1.el9_8.aarch64.rpm
golang-1.26.5-1.0.1.el9_8.aarch64.rpm
golang-bin-1.26.5-1.0.1.el9_8.aarch64.rpm
golang-docs-1.26.5-1.0.1.el9_8.noarch.rpm
golang-misc-1.26.5-1.0.1.el9_8.noarch.rpm
golang-race-1.26.5-1.0.1.el9_8.aarch64.rpm
golang-src-1.26.5-1.0.1.el9_8.noarch.rpm
golang-tests-1.26.5-1.0.1.el9_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/golang-1.26.5-1.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-39821
CVE-2026-39822
Description of changes:
[1.26.5-1.0.1]
- EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var
[1.26.5-1]
- Update to Go 1.26.5 (fips-1)
- Resolves: RHEL-193476
[1.25.7-1]
- Update to Go 1.25.7 (fips-1)
- Resolves: RHEL-146452
[1.25.5-1]
- Update to Go 1.25.5 (fips-1)
- Resolves: RHEL-139364
[1.25.3-2]
- Cleanup lib/ ownership
[1.25.3-1]
- Update to Go 1.25.3
- Resolves: RHEL-121220
[1.25.1-1]
- Update to Go 1.25.1
- Resolves: RHEL-116850
[1.25.0-2]
- Revert DWARF5 defaults
- Add elf5 to rpminspect.yaml
- Related: RHEL-109557
[1.25.0-1]
- Update to Go 1.25.0
- Set GOAMD64 to v2 to align with new architecture baselines
- Modify the modify_go.env.patch to reflect GOAMD64 baseline version change to v2
- Resolves: RHEL-109557
[1.24.6-1]
- Update to Go 1.24.6 (fips-1)
- Resolves: RHEL-106461
ELSA-2026-37410 Important: Oracle Linux 9 buildah security update
Oracle Linux Security Advisory ELSA-2026-37410
http://linux.oracle.com/errata/ELSA-2026-37410.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
buildah-1.43.1-3.0.1.el9_8.x86_64.rpm
buildah-tests-1.43.1-3.0.1.el9_8.x86_64.rpm
aarch64:
buildah-1.43.1-3.0.1.el9_8.aarch64.rpm
buildah-tests-1.43.1-3.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/buildah-1.43.1-3.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-39832
CVE-2026-39835
Description of changes:
[1.43.1-3.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.43.1-3]
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39832 and CVE-2026-39835
- Resolves: RHEL-188733 RHEL-190066
ELSA-2026-37123 Important: Oracle Linux 9 podman security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-37123
http://linux.oracle.com/errata/ELSA-2026-37123.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
podman-5.8.2-4.0.1.el9_8.x86_64.rpm
podman-docker-5.8.2-4.0.1.el9_8.noarch.rpm
podman-plugins-5.8.2-4.0.1.el9_8.x86_64.rpm
podman-remote-5.8.2-4.0.1.el9_8.x86_64.rpm
podman-tests-5.8.2-4.0.1.el9_8.x86_64.rpm
aarch64:
podman-5.8.2-4.0.1.el9_8.aarch64.rpm
podman-docker-5.8.2-4.0.1.el9_8.noarch.rpm
podman-plugins-5.8.2-4.0.1.el9_8.aarch64.rpm
podman-remote-5.8.2-4.0.1.el9_8.aarch64.rpm
podman-tests-5.8.2-4.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/podman-5.8.2-4.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-25681
CVE-2026-27136
CVE-2026-39829
CVE-2026-39832
CVE-2026-39835
CVE-2026-42508
CVE-2026-57231
Description of changes:
[5.8.2-4.0.1]
- Rework CNI/Netavark detection logic [JIRA: EVG-3769]
- Rebuild on new golang to support experimental GODEBUG fipsnoenforceems
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[6:5.8.2-4]
- bump to upstream commit a476c2b2 fixing CVE-2026-39835 CVE-2026-39829
CVE-2026-39832 CVE-2026-42508 CVE-2026-27136 CVE-2026-25681 CVE-2026-57231 and
podman-remote save regression
ELSA-2026-37207 Important: Oracle Linux 9 freerdp security update
Oracle Linux Security Advisory ELSA-2026-37207
http://linux.oracle.com/errata/ELSA-2026-37207.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
freerdp-2.11.7-7.el9_8.4.x86_64.rpm
freerdp-devel-2.11.7-7.el9_8.4.i686.rpm
freerdp-devel-2.11.7-7.el9_8.4.x86_64.rpm
freerdp-libs-2.11.7-7.el9_8.4.i686.rpm
freerdp-libs-2.11.7-7.el9_8.4.x86_64.rpm
libwinpr-2.11.7-7.el9_8.4.i686.rpm
libwinpr-2.11.7-7.el9_8.4.x86_64.rpm
libwinpr-devel-2.11.7-7.el9_8.4.i686.rpm
libwinpr-devel-2.11.7-7.el9_8.4.x86_64.rpm
aarch64:
freerdp-2.11.7-7.el9_8.4.aarch64.rpm
freerdp-devel-2.11.7-7.el9_8.4.aarch64.rpm
freerdp-libs-2.11.7-7.el9_8.4.aarch64.rpm
libwinpr-2.11.7-7.el9_8.4.aarch64.rpm
libwinpr-devel-2.11.7-7.el9_8.4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.4.src.rpm
Related CVEs:
CVE-2026-45700
Description of changes:
[2:2.11.7-7.4]
- Fix incorrect bounds checks in planar codec (CVE-2026-45700)
Resolves: RHEL-186991
ELSA-2026-37129 Important: Oracle Linux 9 gstreamer1-plugins-good security update
Oracle Linux Security Advisory ELSA-2026-37129
http://linux.oracle.com/errata/ELSA-2026-37129.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-good-1.22.12-7.el9_8.1.i686.rpm
gstreamer1-plugins-good-1.22.12-7.el9_8.1.x86_64.rpm
gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.i686.rpm
gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.x86_64.rpm
aarch64:
gstreamer1-plugins-good-1.22.12-7.el9_8.1.aarch64.rpm
gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gstreamer1-plugins-good-1.22.12-7.el9_8.1.src.rpm
Related CVEs:
CVE-2026-53705
Description of changes:
[1.22.12-7.1]
- Rebase rhel-9.8.0 from 1.18.4 to 1.22.12 to resync with rhel-9.7.0/c9s
(this branch had regressed to a stale pre-1.22.12 base)
Resolves: RHEL-156269, RHEL-156270
- Fix CVE-2026-53705: integer overflow in wavpack decoder, re-applied
on top of the correct 1.22.12 base
Resolves: RHEL-184477
[1.22.12-5]
- Apply patches for CVE-2026-3083, CVE-2026-3085
Resolves: RHEL-156267, RHEL-156266
[1.22.12-4]
- Apply patches for CVE-2024-47537, CVE-2024-47539, CVE-2024-47540
CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546,
CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599,
CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606,
CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776,
CVE-2024-47777, CVE-2024-47778, CVE-2024-47834
- Resolves: RHEL-70958, RHEL-70971, RHEL-71033, RHEL-71195
- Resolves: RHEL-71210, RHEL-71202, RHEL-71171, RHEL-71200
- Resolves: RHEL-71206, RHEL-71173, RHEL-71198, RHEL-71204
- Resolves: RHEL-71208, RHEL-71031, RHEL-71007, RHEL-71039
- Resolves: RHEL-71169, RHEL-71192, RHEL-71161, RHEL-71167
- Resolves: RHEL-71189
[1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
ELSA-2026-36879 Important: Oracle Linux 9 tomcat security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-36879
http://linux.oracle.com/errata/ELSA-2026-36879.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
tomcat-9.0.117-2.el9_8.noarch.rpm
tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm
tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm
tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm
tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm
tomcat-lib-9.0.117-2.el9_8.noarch.rpm
tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm
tomcat-webapps-9.0.117-2.el9_8.noarch.rpm
aarch64:
tomcat-9.0.117-2.el9_8.noarch.rpm
tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm
tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm
tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm
tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm
tomcat-lib-9.0.117-2.el9_8.noarch.rpm
tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm
tomcat-webapps-9.0.117-2.el9_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/tomcat-9.0.117-2.el9_8.src.rpm
Related CVEs:
CVE-2026-29146
CVE-2026-34486
Description of changes:
[1:9.0.117-2]
- Resolves: RHEL-183992 Remove tomcat clustering JAR from RPM builds
- Exclude i686 architecture from build
ELSA-2026-36834 Important: Oracle Linux 9 gstreamer1-plugins-bad-free security update
Oracle Linux Security Advisory ELSA-2026-36834
http://linux.oracle.com/errata/ELSA-2026-36834.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-bad-free-1.22.12-7.el9_8.1.i686.rpm
gstreamer1-plugins-bad-free-1.22.12-7.el9_8.1.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.22.12-7.el9_8.1.i686.rpm
gstreamer1-plugins-bad-free-devel-1.22.12-7.el9_8.1.x86_64.rpm
gstreamer1-plugins-bad-free-libs-1.22.12-7.el9_8.1.i686.rpm
gstreamer1-plugins-bad-free-libs-1.22.12-7.el9_8.1.x86_64.rpm
aarch64:
gstreamer1-plugins-bad-free-1.22.12-7.el9_8.1.aarch64.rpm
gstreamer1-plugins-bad-free-devel-1.22.12-7.el9_8.1.aarch64.rpm
gstreamer1-plugins-bad-free-libs-1.22.12-7.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gstreamer1-plugins-bad-free-1.22.12-7.el9_8.1.src.rpm
Related CVEs:
CVE-2026-52718
CVE-2026-52719
CVE-2026-52720
CVE-2026-52722
Description of changes:
[1.22.12-7.1]
- Sync with c9s release -5..-7: fix for CVE-2026-2923, CVE-2026-3082
in dvbsuboverlay and jpegparser
Resolves: RHEL-156242, RHEL-156255
[1.22.12-4.4]
- Fix bytes/bits confusion in AV1 tile data size parsing
(CVE-2026-52718)
Resolves: RHEL-184388
[1.22.12-4.3]
- Fix for CVE-2026-52719: vajpegdecoder out-of-bounds read
Resolves: RHEL-184403
[1.22.12-4.2]
- Fix integer overflows in vmnc decoder (CVE-2026-52722)
Resolves: RHEL-184422
[1.22.12-4.1]
- Fix for CVE-2026-52720: validate framebuffer update rectangles
in librfb plugin
Resolves: RHEL-184459
[1.22.12-4]
- fix for CVE-2025-3887
Resolves: RHEL-93059
[1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
ELSA-2026-36777 Important: Oracle Linux 9 unbound security update
Oracle Linux Security Advisory ELSA-2026-36777
http://linux.oracle.com/errata/ELSA-2026-36777.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3-unbound-1.24.2-3.el9_8.2.x86_64.rpm
unbound-1.24.2-3.el9_8.2.x86_64.rpm
unbound-devel-1.24.2-3.el9_8.2.i686.rpm
unbound-devel-1.24.2-3.el9_8.2.x86_64.rpm
unbound-dracut-1.24.2-3.el9_8.2.x86_64.rpm
unbound-libs-1.24.2-3.el9_8.2.i686.rpm
unbound-libs-1.24.2-3.el9_8.2.x86_64.rpm
aarch64:
python3-unbound-1.24.2-3.el9_8.2.aarch64.rpm
unbound-1.24.2-3.el9_8.2.aarch64.rpm
unbound-devel-1.24.2-3.el9_8.2.aarch64.rpm
unbound-dracut-1.24.2-3.el9_8.2.aarch64.rpm
unbound-libs-1.24.2-3.el9_8.2.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/unbound-1.24.2-3.el9_8.2.src.rpm
Related CVEs:
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390
Description of changes:
[1.24.2-3.2]
- Fix CVE-2026-40622 (RHEL-184840)
Fix CVE-2026-44390 (RHEL-186688)
Fix CVE-2026-41292 (RHEL-187352)
Fix CVE-2026-42534 (RHEL-187095)
ELSA-2026-36674 Moderate: Oracle Linux 9 gstreamer1-plugins-ugly-free security update
Oracle Linux Security Advisory ELSA-2026-36674
http://linux.oracle.com/errata/ELSA-2026-36674.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-ugly-free-1.22.12-6.el9_8.1.i686.rpm
gstreamer1-plugins-ugly-free-1.22.12-6.el9_8.1.x86_64.rpm
aarch64:
gstreamer1-plugins-ugly-free-1.22.12-6.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gstreamer1-plugins-ugly-free-1.22.12-6.el9_8.1.src.rpm
Related CVEs:
CVE-2026-53703
CVE-2026-53704
Description of changes:
[1.22.12-6.1]
- Fix CVE-2026-53704: multiple rmdemux security issues
- Resolves: RHEL-184464
ELSA-2026-36018 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-36018
http://linux.oracle.com/errata/ELSA-2026-36018.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-abi-stablelists-5.14.0-687.22.1.el9_8.noarch.rpm
kernel-core-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-cross-headers-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-core-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-devel-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-devel-matched-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-modules-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-modules-core-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-modules-extra-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-debug-uki-virt-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-devel-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-devel-matched-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-doc-5.14.0-687.22.1.el9_8.noarch.rpm
kernel-headers-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-modules-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-modules-core-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-modules-extra-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-tools-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-tools-libs-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-tools-libs-devel-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-uki-virt-5.14.0-687.22.1.el9_8.x86_64.rpm
kernel-uki-virt-addons-5.14.0-687.22.1.el9_8.x86_64.rpm
libperf-5.14.0-687.22.1.el9_8.x86_64.rpm
perf-5.14.0-687.22.1.el9_8.x86_64.rpm
python3-perf-5.14.0-687.22.1.el9_8.x86_64.rpm
rtla-5.14.0-687.22.1.el9_8.x86_64.rpm
rv-5.14.0-687.22.1.el9_8.x86_64.rpm
aarch64:
kernel-cross-headers-5.14.0-687.22.1.el9_8.aarch64.rpm
kernel-headers-5.14.0-687.22.1.el9_8.aarch64.rpm
kernel-tools-5.14.0-687.22.1.el9_8.aarch64.rpm
kernel-tools-libs-5.14.0-687.22.1.el9_8.aarch64.rpm
kernel-tools-libs-devel-5.14.0-687.22.1.el9_8.aarch64.rpm
libperf-5.14.0-687.22.1.el9_8.aarch64.rpm
perf-5.14.0-687.22.1.el9_8.aarch64.rpm
python3-perf-5.14.0-687.22.1.el9_8.aarch64.rpm
rtla-5.14.0-687.22.1.el9_8.aarch64.rpm
rv-5.14.0-687.22.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-687.22.1.el9_8.src.rpm
Related CVEs:
CVE-2025-10263
CVE-2026-43112
CVE-2026-43276
CVE-2026-46116
CVE-2026-46155
CVE-2026-46209
CVE-2026-46227
CVE-2026-46244
CVE-2026-46259
CVE-2026-46316
CVE-2026-46323
Description of changes:
[5.14.0-687.22.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 dev is null (Cezar Bulinaru) [Orabug: 39526881] {CVE-2022-50073}
- mmc: dwcmshc_bf3_hw_reset: Log eMMC reset calls (Satyansh Shukla) [Orabug: 39333650]
- arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39522954]
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262374] {CVE-2026-31657}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39179363]
[5.15.0-322.203.2]
- LTS version: v5.15.203 (Vijayendra Suman)
- io_uring/poll: correctly handle io_poll_add() return value on update (Jens Axboe)
- ksmbd: Fix dangling pointer in krb_authenticate (Sean Heelan)
- ksmbd: Fix refcount leak when invalid session is found on session lookup (Namjae Jeon)
- Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (Luiz Augusto von Dentz)
- i2c: cp2615: fix serial string NULL-deref at probe (Johan Hovold)
- i2c: cp2615: replace deprecated strncpy with strscpy (Justin Stitt)
- ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() (Namjae Jeon)
- ksmbd: fix potencial OOB in get_file_all_info() for compound requests (Namjae Jeon)
- tracing: Fix potential deadlock in cpu hotplug with osnoise (Luo Haiyang)
- x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling() (Nikunj A Dadhania)
- mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (Jinjiang Tu)
- scsi: target: tcm_loop: Drain commands in target_reset handler (Josef Bacik)
- net: macb: Move devm_{free,request}_irq() out of spin lock area (Kevin Hao)
- dmaengine: sh: rz-dmac: Protect the driver specific lists (Claudiu Beznea)
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (Claudiu Beznea)
- xfs: save ailp before dropping the AIL lock in push callbacks (Yuto Ohnuki)
- ext4: fix use-after-free in update_super_work when racing with umount (Jiayuan Chen)
- ext4: fix the might_sleep() warnings in kvfree() (Zqiang)
- ext4: publish jinode after initialization (Li Chen)
- usb: gadget: uvc: fix NULL pointer dereference during unbind race (Jimmy Hu)
- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (Kuen-Han Tsai)
- usb: gadget: f_hid: move list and spinlock inits from bind to alloc (Michael Zimmermann)
- net: rfkill: prevent unlimited numbers of rfkill events from being created (Greg Kroah-Hartman)
- seg6: separate dst_cache for input and output paths in seg6 lwtunnel (Andrea Mayer)
- Revert "mptcp: add needs_id for netlink appending addr" (Matthieu Baerts (NGI0))
- xen/privcmd: unregister xenstore notifier on module exit (GuoHan Zhao)
- netlink: add nla be16/32 types to minlen array (Florian Westphal)
- rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (David Howells)
- rxrpc: fix reference count leak in rxrpc_server_keyring() (Luxiao Xu)
- net: stmmac: fix integer underflow in chain mode (Tyllis Xu)
- net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (Pengpeng Hou)
- mmc: vub300: fix NULL-deref on disconnect (Johan Hovold)
- drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (Sebastian Brzezinka)
- net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (David Carlier)
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan)
- batman-adv: reject oversized global TT response buffers (Ruide Cao)
- nfc: pn533: allocate rx skb before consuming bytes (Pengpeng Hou)
- arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (Shawn Guo)
- arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (Shawn Guo)
- wifi: brcmsmac: Fix dma_free_coherent() size (Thomas Fourier)
- tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (Oleh Konko)
- netfilter: nft_ct: fix use-after-free in timeout object destroy (Tuan Do)
- apparmor: fix race between freeing data and fs accessing it (John Johansen)
- apparmor: fix race on rawdata dereference (John Johansen)
- apparmor: fix differential encoding verification (John Johansen)
- apparmor: fix unprivileged local user can do privileged policy management (John Johansen)
- apparmor: Fix double free of ns_name in aa_replace_profiles() (John Johansen)
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (Massimiliano Pellizzer)
- apparmor: fix side-effect bug in match_char() macro usage (Massimiliano Pellizzer)
- apparmor: fix: limit the number of levels of policy namespaces (John Johansen)
- apparmor: replace recursive profile removal with iterative approach (Massimiliano Pellizzer)
- apparmor: fix memory leak in verify_header (Massimiliano Pellizzer)
- apparmor: validate DFA start states are in bounds in unpack_pdb (Massimiliano Pellizzer)
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (Nuno Sa)
- gpiolib: cdev: fix uninitialised kfifo (Kent Gibson)
- media: uvcvideo: Use heuristic to find stream entity (Ricardo Ribalda)
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo)
- Input: uinput - take event lock when submitting FF request "event" (Dmitry Torokhov)
- Input: uinput - fix circular locking dependency with ff-core (Mikhail Gavrilov)
- mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen)
- xfrm_user: fix info leak in build_report() (Greg Kroah-Hartman)
- wifi: rt2x00usb: fix devres lifetime (Johan Hovold)
- lib/crypto: chacha: Zeroize permuted_state before it leaves scope (Eric Biggers)
- wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (Alexander Popov)
- io_uring/tctx: work around xa_store() allocation error issue (Jens Axboe)
- usb: gadget: f_uac1_legacy: validate control request size (Taegu Ha)
- usb: gadget: f_rndis: Protect RNDIS options with mutex (Kuen-Han Tsai)
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (Kuen-Han Tsai)
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (Navaneeth K)
- smb: client: Fix refcount leak for cifs_sb_tlink (Shuhao Fu)
- net: mctp: Don't access ifa_index when missing (Matt Johnston)
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (Quanmin Yan)
- can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (Marc Kleine-Budde)
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (Marc Kleine-Budde)
- can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (Marc Kleine-Budde)
- usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (Sebastian Urban)
- USB: dummy-hcd: Fix interrupt synchronization error (Alan Stern)
- USB: dummy-hcd: Fix locking/synchronization error (Alan Stern)
- thunderbolt: Fix property read in nhi_wake_supported() (Konrad Dybcio)
- net: ftgmac100: fix ring allocation unwind on open failure (Yufan Chen)
- vxlan: validate ND option lengths in vxlan_na_create (Yang Yang)
- netfilter: ipset: drop logically empty buckets in mtype_del (Yifan Wu)
- comedi: me4000: Fix potential overrun of firmware buffer (Ian Abbott)
- comedi: me_daq: Fix potential overrun of firmware buffer (Ian Abbott)
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (Ian Abbott)
- comedi: Reinit dev->spinlock between attachments to low-level drivers (Ian Abbott)
- comedi: dt2815: add hardware detection to prevent crash (Deepanshu Kartikey)
- cdc-acm: new quirk for EPSON HMD (Oliver Neukum)
- bridge: br_nd_send: validate ND option lengths (Yang Yang)
- phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (Claudiu Beznea)
- phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (Claudiu Beznea)
- phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (Claudiu Beznea)
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (Claudiu Beznea)
- usb: cdns3: gadget: fix state inconsistency on gadget init failure (Yongchao Wu)
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (Yongchao Wu)
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (Juno Choi)
- usb: ehci-brcm: fix sleep during atomic (Justin Chen)
- usb: usbtmc: Flush anchored URBs in usbtmc_release (Heitor Alves de Siqueira)
- usb: ulpi: fix double free in ulpi_register_interface() error path (Guangshuo Li)
- usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (Miao Li)
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (Ethan Tidmore)
- iio: gyro: mpu3050: Move iio_device_register() to correct location (Ethan Tidmore)
- iio: gyro: mpu3050: Fix irq resource leak (Ethan Tidmore)
- iio: gyro: mpu3050: Fix incorrect free_irq() variable (Ethan Tidmore)
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (Francesco Lavra)
- iio: light: vcnl4035: fix scan buffer on big-endian (David Lechner)
- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (Antoniu Miclaus)
- Input: xpad - add support for Razer Wolverine V3 Pro (Zoltan Illes)
- Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- Input: synaptics-rmi4 - fix a locking bug in an error path (Bart Van Assche)
- USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (JP Hein)
- USB: serial: option: add support for Rolling Wireless RW135R-GL (Wanquan Zhong)
- USB: serial: io_edgeport: add support for Blackbox IC135A (Frej Drejhammar)
- drm/ast: dp501: Fix initialization of SCU2C (Thomas Zimmermann)
- hwmon: (occ) Fix division by zero in occ_show_power_1() (Sanman Pradhan)
- MIPS: Fix the GCC version check for __multi3' workaround (Maciej W. Rozycki)
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (Oleh Konko)
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (Oleh Konko)
- ALSA: ctxfi: Fix missing SPDIFI1 index handling (Takashi Iwai)
- ALSA: caiaq: fix stack out-of-bounds read in init_card (Berk Cem Goksel)
- USB: serial: option: add MeiG Smart SRM825WN (Ernestas Kulik)
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (Yasuaki Torimaru)
- drm/ioc32: stop speculation on the drm_compat_ioctl path (Greg Kroah-Hartman)
- riscv: kgdb: fix several debug register assignment bugs (Paul Walmsley)
- hwmon: (occ) Fix missing newline in occ_show_extended() (Sanman Pradhan)
- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (Sanman Pradhan)
- hwmon: (pxe1610) Check return value of page-select write in probe (Sanman Pradhan)
- bpf: reject direct access to nullable PTR_TO_BUF pointers (Qi Tang)
- ipv6: avoid overflows in ip6_datagram_send_ctl() (Eric Dumazet)
- net/sched: cls_flow: fix NULL pointer dereference on shared blocks (Xiang Mei)
- net/sched: cls_fw: fix NULL pointer dereference on shared blocks (Xiang Mei)
- net/x25: Fix overflow when accumulating packets (Martin Schiller)
- net/x25: Fix potential double free of skb (Martin Schiller)
- net/mlx5: Avoid "No data available" when FW version queries fail (Saeed Mahameed)
- net: macb: properly unregister fixed rate clocks (Fedor Pchelkin)
- net: macb: fix clk handling on PCI glue driver removal (Fedor Pchelkin)
- Bluetooth: MGMT: validate LTK enc_size on load (Keenan Dong)
- netfilter: nf_tables: reject immediate NF_QUEUE verdict (Pablo Neira Ayuso)
- netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (Pablo Neira Ayuso)
- netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (Qi Tang)
- netfilter: nf_conntrack_helper: pass helper to expect cleanup (Qi Tang)
- netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr (Florian Westphal)
- netfilter: x_tables: ensure names are nul-terminated (Florian Westphal)
- netfilter: nfnetlink_log: account for netlink header size (Florian Westphal)
- netfilter: flowtable: strictly check for maximum number of actions (Pablo Neira Ayuso)
- net: ipv6: flowlabel: defer exclusive option free until RCU teardown (Zhengchuan Liang)
- bpf: Fix regsafe() for pointers to packet (Alexei Starovoitov)
- net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec (Suraj Gupta)
- NFC: pn533: bound the UART receive buffer (Pengpeng Hou)
- net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (Yochai Eisenrich)
- ipv6: prevent possible UaF in addrconf_permanent_addr() (Paolo Abeni)
- net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (Xiang Mei)
- bridge: br_nd_send: linearize skb before parsing ND options (Yang Yang)
- ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Eric Dumazet)
- ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Eric Dumazet)
- tg3: Fix race for querying speed/duplex (Thomas Bogendoerfer)
- net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (Yochai Eisenrich)
- net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak (Jiayuan Chen)
- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Norbert Szetei)
- dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning (Frank Li)
- btrfs: reject root items with drop_progress and zero drop_level (ZhengYuan Huang)
- HID: multitouch: Check to ensure report responses match the request (Lee Jones)
- objtool: Fix Clang jump table detection (Josh Poimboeuf)
- btrfs: don't take device_list_mutex when querying zone info (Johannes Thumshirn)
- atm: lec: fix use-after-free in sock_def_readable() (Deepanshu Kartikey)
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (Benoît Sevens)
- futex: Clear stale exiting pointer in futex_lock_pi() retry path (Davidlohr Bueso)
- dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA (Tomi Valkeinen)
- dmaengine: xilinx_dma: Program interrupt delay timeout (Radhey Shyam Pandey)
- dmaengine: idxd: Fix freeing the allocated ida too late (Vinicius Costa Gomes)
- btrfs: fix lost error when running device stats on multiple devices fs (Filipe Manana)
- btrfs: fix super block offset in error message in btrfs_validate_super() (Mark Harmstone)
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (Marek Vasut)
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (Marek Vasut)
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (Marek Vasut)
- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (Felix Gu)
- ext4: always drain queued discard work in ext4_mb_release() (Theodore Ts'o)
- ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (Baokun Li)
- ext4: reject mount if bigalloc with s_first_data_block != 0 (Helen Koike)
- ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (Ye Bin)
- ext4: make recently_deleted() properly work with lazy itable initialization (Jan Kara)
- ext4: convert inline data to extents when truncate exceeds inline size (Deepanshu Kartikey)
- xfs: stop reclaim before pushing AIL during unmount (Yuto Ohnuki)
- jbd2: gracefully abort on checkpointing state corruptions (Milos Nikic)
- scsi: ses: Handle positive SCSI error from ses_recv_diag() (Greg Kroah-Hartman)
- scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (Tyllis Xu)
- alarmtimer: Fix argument order in alarm_timer_forward() (Zhan Xusheng)
- erofs: add GFP_NOIO in the bio completion if needed (Jiucheng Xu)
- virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (xietangxin)
- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (Yuchan Nam)
- cpufreq: conservative: Reset requested_freq on limits change (Viresh Kumar)
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (Ali Norouzi)
- s390/barrier: Make array_index_mask_nospec() __always_inline (Vasily Gorbik)
- s390/syscalls: Add spectre boundary for syscall dispatch table (Greg Kroah-Hartman)
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (Marc Kleine-Budde)
- ASoC: adau1372: Fix clock leak on PLL lock failure (Jihed Chaibi)
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (Jihed Chaibi)
- sysctl: fix uninitialized variable in proc_do_large_bitmap (Marc Buerg)
- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (Sanman Pradhan)
- ACPI: EC: Fix ECDT probe ordering issues (Hans de Goede)
- ACPI: EC: Fix EC address space handler unregistration (Hans de Goede)
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (Hans de Goede)
- ACPICA: include/acpi/acpixf.h: Fix indentation (Hans de Goede)
- ASoC: Intel: catpt: Fix the device initialization (Cezary Rojewski)
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (Samasth Norway Ananda)
- x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size (Mike Rapoport (Microsoft))
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (Yihang Li)
- RDMA/irdma: Return EINVAL for invalid arp index error (Tatyana Nikolova)
- RDMA/irdma: Fix deadlock during netdev reset with active connections (Anil Samal)
- RDMA/irdma: Remove reset check from irdma_modify_qp_to_err() (Tatyana Nikolova)
- RDMA/irdma: Clean up unnecessary dereference of event->cm_node (Ivan Barrera)
- RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce() (Tatyana Nikolova)
- RDMA/irdma: Update ibqp state to error if QP is already in error state (Tatyana Nikolova)
- RDMA/rw: Fall back to direct SGE on MR pool exhaustion (Chuck Lever)
- regmap: Synchronize cache for the page selector (Andy Shevchenko)
- net: macb: use the current queue number for stats (Paolo Valerio)
- netfilter: ctnetlink: use netlink policy range checks (David Carlier)
- netlink: allow be16 and be32 types in all uint policy checks (Florian Westphal)
- netlink: introduce bigendian integer types (Florian Westphal)
- netfilter: nft_payload: reject out-of-range attributes via policy (Florian Westphal)
- netlink: introduce NLA_POLICY_MAX_BE (Florian Westphal)
- netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (Weiming Shi)
- netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (Ren Wei)
- netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (Weiming Shi)
- Bluetooth: btusb: clamp SCO altsetting table indices (Pengpeng Hou)
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (Hyunwoo Kim)
- dma-mapping: add missing inline for dma_free_attrs (Miguel Ojeda)
- net: enetc: fix the output issue of 'ethtool --show-ring' (Wei Fang)
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich)
- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (Alok Tiwari)
- rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size (Sabrina Dubroca)
- net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (Qi Tang)
- openvswitch: validate MPLS set/set_masked payload length (Yang Yang)
- nfc: nci: fix circular locking dependency in nci_close_device (Jakub Kicinski)
- ionic: fix persistent MAC address override on PF (Mohammad Heib)
- pinctrl: mediatek: common: Fix probe failure for devices without EINT (Luca Leonardo Scorcia)
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (Helen Koike)
- Bluetooth: hci_ll: Fix firmware leak on error path (Anas Iqbal)
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (Hyunwoo Kim)
- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (Hyunwoo Kim)
- can: statistics: add missing atomic access in hot path (Oliver Hartkopp)
- af_key: validate families in pfkey_send_migrate() (Eric Dumazet)
- esp: fix skb leak with espintcp and async crypto (Sabrina Dubroca)
- xfrm: Fix the usage of skb->sk (Steffen Klassert)
- xfrm: call xdo_dev_state_delete during state update (Sabrina Dubroca)
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (Uzair Mughal)
- dma-buf: Include ioctl.h in UAPI header (Isaac J. Manjarres)
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (Mark Brown)
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (Mark Brown)
- module: Fix kernel panic when a symbol st_shndx is out of bounds (Ihor Solodrai)
- HID: mcp2221: cancel last I2C command on read error (Romain Sioen)
- net: usb: r8152: add TRENDnet TUC-ET2G (Valentin Spreckels)
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (Günther Noack)
- HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (Julius Lehmann)
- nvme-pci: ensure we're polling a polled queue (Keith Busch)
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (Hans de Goede)
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (Leif Skunberg)
- nvme-pci: cap queue creation to used queues (Keith Busch)
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (Peter Metz)
- HID: asus: avoid memory leak in asus_report_fixup() (Günther Noack)
- bpf: Release module BTF IDR before module unload (Kumar Kartikeya Dwivedi)
- sh: platform_early: remove pdev->driver_override check (Danilo Krummrich)
- xen/privcmd: add boot control for restricted usage in domU (Juergen Gross)
- xen/privcmd: restrict usage in unprivileged domU (Juergen Gross)
- netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (Florian Westphal)
- netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal)
- tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (Josh Law)
- lib/bootconfig: check xbc_init_node() return in override path (Josh Law)
- drm/i915/gt: Check set_default_submission() before deferencing (Rahul Bukte)
- ksmbd: fix use-after-free of share_conf in compound request (Hyunwoo Kim)
- mtd: rawnand: brcmnand: skip DMA during panic write (Kamal Dasu)
- mtd: rawnand: serialize lock/unlock against other NAND operations (Kamal Dasu)
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (Christophe JAILLET)
- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (Sanman Pradhan)
- icmp: fix NULL pointer dereference in icmp_tag_validation() (Weiming Shi)
- net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (Anas Iqbal)
- net: mvpp2: guard flow control update with global_tx_fc in buffer switching (Muhammad Hammad Ijaz)
- nfnetlink_osf: validate individual option lengths in fingerprints (Weiming Shi)
- net: bonding: fix NULL deref in bond_debug_rlb_hash_show (Xiang Mei)
- udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (Xiang Mei)
- net: macb: fix uninitialized rx_fs_lock (Fedor Pchelkin)
- wifi: mac80211: fix NULL deref in mesh_matches_local() (Xiang Mei)
- igc: fix missing update of skb->tail in igc_xmit_frame() (Kohei Enju)
- net: usb: aqc111: Do not perform PM inside suspend callback (Nikola Z. Ivanov)
- net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (Jiayuan Chen)
- net/smc: Fix slab-out-of-bounds issue in fallback (Wen Gu)
- net/smc: Only save the original clcsock callback functions (Wen Gu)
- PM: runtime: Fix a race condition related to device removal (Bart Van Assche)
- sched: idle: Consolidate the handling of two special cases (Rafael J. Wysocki)
- net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (Dipayaan Roy)
- net: bcmgenet: increase WoL poll timeout (Justin Chen)
- netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (Jenny Guanni Qu)
- netfilter: xt_time: use unsigned int for monthday bit shift (Jenny Guanni Qu)
- netfilter: xt_CT: drop pending enqueued packets on template removal (Pablo Neira Ayuso)
- netfilter: nft_ct: drop pending enqueued packets on removal (Pablo Neira Ayuso)
- netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko)
- netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (Jenny Guanni Qu)
- netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (Lukas Johannes Möller)
- netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (Hyunwoo Kim)
- netfilter: ctnetlink: remove refcounting in expectation dumpers (Florian Westphal)
- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (Jiayuan Chen)
- Bluetooth: qca: fix ROM version reading on WCN3998 chips (Dmitry Baryshkov)
- Bluetooth: HIDP: Fix possible UAF (Luiz Augusto von Dentz)
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (Christian Eggers)
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (Christian Eggers)
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (Christian Eggers)
- firmware: arm_scpi: Fix device_node reference leak in probe path (Felix Gu)
- of: Add cleanup.h based auto release via __free(device_node) markings (Jonathan Cameron)
- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. (Kuniyuki Iwashima)
- soc: fsl: qbman: fix race condition in qman_destroy_fq (Richard Genoud)
- btrfs: tree-checker: fix misleading root drop_level error message (ZhengYuan Huang)
- batman-adv: avoid OGM aggregation when skb tailroom is insufficient (Yang Yang)
- pmdomain: bcm: bcm2835-power: Increase ASB control timeout (MaÃra Canal)
- mptcp: pm: avoid sending RM_ADDR over same subflow (Matthieu Baerts (NGI0))
- drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink (Natalie Vock)
- net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (Andrew Lunn)
- smb: client: Don't log plaintext credentials in cifs_set_cifscreds (Thorsten Blum)
- RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (Jason Gunthorpe)
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (Daniil Dulov)
- wifi: cfg80211: move scan done work to wiphy work (Johannes Berg)
- wifi: libertas: fix use-after-free in lbs_free_adapter() (Daniel Hodges)
- ext4: always allocate blocks only from groups inode can use (Jan Kara)
- ksmbd: fix null pointer dereference error in generate_encryptionkey (Namjae Jeon)
- ext4: fix dirtyclusters double decrement on fs shutdown (Brian Foster)
- ext4: drop extent cache when splitting extent fails (Zhang Yi)
- ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (Zhang Yi)
- ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths (Fedor Pchelkin)
- drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (Jeongjun Park)
- drm/exynos: vidi: fix to avoid directly dereferencing user pointer (Jeongjun Park)
- drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() (Jeongjun Park)
- net: Handle napi_schedule() calls from non-interrupt (Frederic Weisbecker)
- net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz (Huacai Chen)
- drm/radeon: apply state adjust rules to some additional HAINAN vairants (Alex Deucher)
- serial: uartlite: fix PM runtime usage count underflow on probe (Maciej Andrzejewski ICEYE)
- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (Ilpo Järvinen)
- serial: 8250: Fix TX deadlock when using DMA (Raul E Rangel)
- serial: 8250_pci: add support for the AX99100 (Martin Roukala (né Peres))
- iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry (Guanghui Feng)
- mtd: Avoid boot crash in RedBoot partition table parser (Finn Thain)
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (Chen Ni)
- mtd: rawnand: pl353: make sure optimal timings are applied (Olivier Sobrie)
- mmc: sdhci: fix timing selection for 1-bit bus width (Luke Wang)
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (Matthew Schwartz)
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (Lukas Johannes Möller)
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (Lukas Johannes Möller)
- net: macb: fix use-after-free access to PTP clock (Fedor Pchelkin)
- NFC: nxp-nci: allow GPIOs to sleep (Ian Ray)
- nvdimm/bus: Fix potential use after free in asynchronous initialization (Ira Weiny)
- sunrpc: fix cache_request leak in cache_release (Jeff Layton)
- driver: iio: add missing checks on iio_info's callback access (Julien Stephan)
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (Jens Axboe)
- l2tp: do not use sock_hold() in pppol2tp_session_get_sock() (Eric Dumazet)
- bpf: Forget ranges when refining tnum after JSET (Paul Chaignon)
- i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor (Adrian Hunter)
- i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort (Adrian Hunter)
- i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors (Adrian Hunter)
- iio: imu: inv_icm42600: fix odr switch to the same value (Jean-Baptiste Maneyrol)
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (Antoniu Miclaus)
- iio: gyro: mpu3050-core: fix pm_runtime error handling (Antoniu Miclaus)
- iio: chemical: bme680: Fix measurement wait duration calculation (Chris Spencer)
- iio: potentiometer: mcp4131: fix double application of wiper shift (Lukas Schmid)
- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (Antoniu Miclaus)
- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (Antoniu Miclaus)
- iio: dac: ds4424: reject -128 RAW value (Oleksij Rempel)
- btrfs: abort transaction on failure to update root in the received subvol ioctl (Filipe Manana)
- lib/bootconfig: check bounds before writing in __xbc_open_brace() (Josh Law)
- lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after() (Josh Law)
- x86/apic: Disable x2apic on resume if the kernel expects so (Shashank Balaji)
- lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error (Josh Law)
- xfs: fix undersized l_iclog_roundoff values (Darrick J. Wong)
- tracing: Fix trace_buf_size= cmdline parameter with sizes >= 2G (Calvin Owens)
- drm/amdgpu: Fix use-after-free race in VM acquire (Alysa Liu)
- net: ethernet: arc: emac: quiesce interrupts before requesting IRQ (Fan Wu)
- net: ncsi: fix skb leak in error paths (Jian Zhang)
- parisc: Fix initial page table creation for boot (Helge Deller)
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (Sanman Pradhan)
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (Dave Airlie)
- parisc: Increase initial mapping to 64 MB with KALLSYMS (Helge Deller)
- batman-adv: Avoid double-rtnl_lock ELP metric worker (Sven Eckelmann)
- ice: fix retry for AQ command 0x06EE (Jakub Staniszewski)
- net: mana: Ring doorbell at 4 CQ wraparounds (Long Li)
- media: dvb-net: fix OOB access in ULE extension header tables (Ariel Silver)
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (Greg Kroah-Hartman)
- staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie (Luka Gejak)
- irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports (Marc Zyngier)
- device property: Allow secondary lookup in fwnode_get_next_child_node() (Andy Shevchenko)
- time/jiffies: Mark jiffies_64_to_clock_t() notrace (Steven Rostedt)
- time: add kernel-doc in time.c (Randy Dunlap)
- ceph: fix i_nlink underrun during async unlink (Max Kellermann)
- libceph: admit message frames only in CEPH_CON_S_OPEN state (Ilya Dryomov)
- libceph: Use u32 for non-negative values in ceph_monmap_decode() (Raphael Zimmer)
- libceph: prevent potential out-of-bounds reads in process_message_header() (Ilya Dryomov)
- libceph: reject preamble if control segment is empty (Ilya Dryomov)
- libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (Raphael Zimmer)
- tipc: fix divide-by-zero in tipc_sk_filter_connect() (Mehul Rao)
- mmc: core: Avoid bitfield RMW for claim/retune flags (Penghe Geng)
- mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (Felix Gu)
- mm/tracing: rss_stat: ensure curr is false from kthread context (Kalesh Singh)
- usb: image: mdc800: kill download URB on timeout (Ziyi Guo)
- usb: mdc800: handle signal and read racing (Oliver Neukum)
- usb: renesas_usbhs: fix use-after-free in ISR during device removal (Fan Wu)
- usb: class: cdc-wdm: fix reordering issue in read code path (Oliver Neukum)
- USB: core: Limit the length of unkillable synchronous timeouts (Alan Stern)
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (Alan Stern)
- USB: usbcore: Introduce usb_bulk_msg_killable() (Alan Stern)
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (Marc Zyngier)
- usb: core: don't power off roothub PHYs if phy_set_mode() fails (Gabor Juhos)
- usb: misc: uss720: properly clean up reference in uss720_probe() (Greg Kroah-Hartman)
- usb: yurex: fix race in probe (Oliver Neukum)
- usb: xhci: Fix memory leak in xhci_disable_slot() (Zilin Guan)
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (Christoffer Sandberg)
- net: usb: lan78xx: skip LTM configuration for LAN7850 (Oleksij Rempel)
- net: usb: lan78xx: fix silent drop of packets with checksum errors (Oleksij Rempel)
- cgroup: fix race between task migration and iteration (Qingye Zhao)
- octeontx2-af: devlink: fix NIX RAS reporter recovery condition (Alok Tiwari)
- ASoC: detect empty DMI strings (Casey Connolly)
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (Chen Ni)
- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (Ben Dooks)
- e1000/e1000e: Fix leak in DMA error cleanup (Matt Vollrath)
- i40e: fix src IP mask checks and memcpy argument names in cloud filter (Alok Tiwari)
- nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (Sungwoo Kim)
- regulator: pca9450: Correct interrupt type (Peng Fan)
- regulator: pca9450: Make IRQ optional (Frieder Schrempf)
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (Yuan Tan)
- netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (Hyunwoo Kim)
- netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (Hyunwoo Kim)
- netfilter: x_tables: guard option walkers against 1-byte tail reads (David Dull)
- netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (Jenny Guanni Qu)
- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (Wenyuan Li)
- serial: caif: hold tty->link reference in ldisc_open and ser_release (Shuangpeng Bai)
- ASoC: soc-core: flush delayed work before removing DAIs and widgets (matteo.cotifava)
- ASoC: core: Do not call link_exit() on uninitialized rtd objects (Amadeusz Sławiński)
- ASoC: core: Exit all links before removing their components (Cezary Rojewski)
- ASoC: soc-core: accept zero format at snd_soc_runtime_set_dai_fmt() (Kuninori Morimoto)
- ASoC: soc-core: drop delayed_work_pending() check before flush (matteo.cotifava)
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (Weiming Shi)
- net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (Gal Pressman)
- bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states (Hangbin Liu)
- xprtrdma: Decrement re_receiving on the early exit paths (Eric Badger)
- powerpc: 83xx: km83xx: Fix keymile vendor prefix (J. Neuschäfer)
- remoteproc: sysmon: Correct subsys_name_len type in QMI request (Bjorn Andersson)
- powerpc/uaccess: Fix inline assembly for clang build on PPC32 (Christophe Leroy (CS GROUP))
- ALSA: usb-audio: Check max frame size for implicit feedback mode, too (Takashi Iwai)
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (Takashi Iwai)
- scsi: ses: Fix devices attaching to different hosts (Tomas Henzl)
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (Sofia Schneider)
- unshare: fix unshare_fs() handling (Al Viro)
- scsi: mpi3mr: Add NULL checks when resetting request and reply queues (Ranjan Kumar)
- ACPI: PM: Save NVS memory on Lenovo G70-35 (Piotr Mazek)
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (Jan Kiszka)
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira)
- net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (Jiayuan Chen)
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera)
- net: stmmac: Fix error handling in VLAN add and delete paths (Ovidiu Panait)
- nfc: rawsock: cancel tx_work before socket teardown (Jakub Kicinski)
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (Jakub Kicinski)
- nfc: nci: free skb on nci_transceive early error paths (Jakub Kicinski)
- net: nfc: nci: Fix zero-length proprietary notifications (Ian Ray)
- net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (Koichiro Den)
- amd-xgbe: fix sleep while atomic on suspend/resume (Raju Rangoju)
- ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (Jakub Kicinski)
- xen/acpi-processor: fix _CST detection using undersized evaluation buffer (David Thomson)
- indirect_call_wrapper: do not reevaluate function pointer (Eric Dumazet)
- wifi: wlcore: Fix a locking bug (Bart Van Assche)
- can: mcp251x: fix deadlock in error path of mcp251x_open (Alban Bedel)
- can: bcm: fix locking for bcm_op runtime updates (Oliver Hartkopp)
- atm: lec: fix null-ptr-deref in lec_arp_clear_vccs (Jiayuan Chen)
- dpaa2-switch: do not clear any interrupts automatically (Ioana Ciornei)
- net: dpaa2-switch: serialize changes to priv->mac with a mutex (Vladimir Oltean)
- net: dpaa2-switch replace direct MAC access with dpaa2_switch_port_has_mac() (Vladimir Oltean)
- net: dpaa2-switch: assign port_priv->mac after dpaa2_mac_connect() call (Vladimir Oltean)
- net: dpaa2: replace dpaa2_mac_is_type_fixed() with dpaa2_mac_is_type_phy() (Vladimir Oltean)
- net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table (Chintan Vankar)
- platform/x86: thinkpad_acpi: Fix errors reading battery thresholds (Jonathan Teh)
- selftests: mptcp: more stable simult_flows tests (Paolo Abeni)
- drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (Lars Ellenberg)
- Squashfs: check metadata block offset is within range (Phillip Lougher)
- net/sched: ets: fix divide by zero in the offload path (Davide Caratti)
- IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() (Jason Gunthorpe)
- wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (Vahagn Vardanian)
- wifi: radiotap: reject radiotap with unknown bits (Johannes Berg)
- ALSA: usb-audio: Use correct version for UAC3 header validation (Jun Seo)
- platform/x86: dell-wmi: Add audio/mic mute key codes (Kurt Borja)
- platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (Thorsten Blum)
- x86/efi: defer freeing of boot services memory (Mike Rapoport (Microsoft))
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (Greg Kroah-Hartman)
- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman)
- can: ucan: Fix infinite loop from zero-length messages (Greg Kroah-Hartman)
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (Greg Kroah-Hartman)
- net: usb: pegasus: validate USB endpoints (Greg Kroah-Hartman)
- net: usb: kalmia: validate USB endpoints (Greg Kroah-Hartman)
- net: usb: kaweth: validate USB endpoints (Greg Kroah-Hartman)
- nfc: pn533: properly drop the usb interface reference on disconnect (Greg Kroah-Hartman)
- media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (Jens Axboe)
- eventpoll: Fix integer overflow in ep_loop_check_proc() (Jann Horn)
- net: arcnet: com20020-pci: fix support for 2.5Mbit cards (Ethan Nelson-Moore)
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (Takashi Iwai)
- fbcon: check return value of con2fb_acquire_newinfo() (Andrey Vatoropin)
- fbcon: move more common code into fb_open() (Daniel Vetter)
- fbcon: Extract fbcon_open/release helpers (Daniel Vetter)
- fbcon: Use delayed work for cursor (Daniel Vetter)
- ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths (Namjae Jeon)
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (Takashi Iwai)
- usb: cdns3: fix role switching during resume (Thomas Richard (TI))
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (Théo Lebrun)
- usb: cdns3: remove redundant if branch (Hongyu Xie)
- clk: tegra: tegra124-emc: fix device leak on set_rate() (Johan Hovold)
- mfd: omap-usb-host: Fix OF populate on driver rebind (Johan Hovold)
- mfd: omap-usb-host: Convert to platform remove callback returning void (Uwe Kleine-König)
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (Johan Hovold)
- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (Uwe Kleine-König)
- mfd: qcom-pm8xxx: switch away from using chained IRQ handlers (Dmitry Baryshkov)
- drm/tegra: dsi: fix device leak on probe (Johan Hovold)
- ata: libata-scsi: refactor ata_scsi_translate() (Damien Le Moal)
- ata: libata: remove pointless VPRINTK() calls (Hannes Reinecke)
- ata: libata-scsi: drop DPRINTK calls for cdb translation (Hannes Reinecke)
- scsi: ata: Call scsi_done() directly (Bart Van Assche)
- ARM: omap2: Fix reference count leaks in omap_control_init() (Wentao Liang)
- ARM: OMAP2+: add missing of_node_put before break and return (Wang Qing)
- memory: mtk-smi: fix device leak on larb probe (Johan Hovold)
- memory: mtk-smi: Convert to platform remove callback returning void (Uwe Kleine-König)
- bpf: Fix stack-out-of-bounds write in devmap (Kohei Enju)
- btrfs: fix incorrect key offset in error message in check_dev_extent_item() (Mark Harmstone)
- ALSA: usb-audio: Use inclusive terms (Takashi Iwai)
- ALSA: usb-audio: Cap the packet size pre-calculations (Takashi Iwai)
- scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (Peter Wang)
- scsi: ufs: core: Always initialize the UIC done completion (Bart Van Assche)
- scsi: lpfc: Properly set WC for DPP mapping (Mathias Krause)
- ARM: clean up the memset64() C wrapper (Thomas Weißschuh)
[5.15.0-322.202.1]
- scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446044]
- scsi: scsi_transport_fc: Widen FPIN pname walker counter to u32 (Michael Bommarito) [Orabug: 39446044]
- scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446044]
- scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446044]
- ima: process_measurement() needlessly takes inode_lock() on MAY_READ (Frederick Lawler) [Orabug: 39390378]
- net: sched: act_api: implement generic walker and search for tc action (Zhengchao Shao) [Orabug: 39342047]
- btrfs: reserve extra space for the free space tree (Josef Bacik) [Orabug: 39281379]
- btrfs: include the free space tree in the global rsv minimum calculation (Josef Bacik) [Orabug: 39281379]
[5.15.0-321.202.5]
- Revert "ip6_tunnel: Fix usage of skb_vlan_inet_prepare()" (Harshit Mogalapalli) [Orabug: 39476647]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463672]
[5.15.0-321.202.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429143]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]
[5.15.0-321.202.3]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368827] {CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368827]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384274] {CVE-2026-46333}
- mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- Revert "mm/hugetlb: add option to allows disabling CVE-2025-38085 mitigation" (Samasth Norway Ananda) [Orabug: 38474901]
- mm/rmap: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix hugetlb_pmd_shared() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
[5.15.0-321.202.2]
- dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler (Guenter Roeck)
- Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on" (Sasha Levin)
- ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Ben Hutchings)
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han)
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (Guenter Roeck)
- sched: idle: Make skipping governor callbacks more consistent (Rafael J. Wysocki)
- nvmet-tcp: fix use-before-check of sg in bounds validation (Cengiz Can)
- remoteproc: mediatek: Unprepare SCP clock during system suspend (Tzung-Bi Shih)
- net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen)
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (Rafael J. Wysocki)
- net: hsr: fix VLAN add unwind on slave errors (Luka Gejak)
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518}
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}
- KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39334996]
- KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39334996]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167616] {CVE-2026-31402}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103230] {CVE-2026-23270}
- exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327019]
- perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327019]
- Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327019]
ELSA-2026-50388 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50388
http://linux.oracle.com/errata/ELSA-2026-50388.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.357.3.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.357.3.2.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.2.el8uek.src.rpm
Related CVEs:
CVE-2026-43499
Description of changes:
[5.4.17-2136.357.3.2]
- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706958]
- rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706958] {CVE-2026-43499}
ELBA-2026-50378 Oracle Linux 9 fips-provider-next bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50378
http://linux.oracle.com/errata/ELBA-2026-50378.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
fips-provider-next-1.2.0-5.0.2.el9.x86_64.rpm
aarch64:
fips-provider-next-1.2.0-5.0.2.el9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/fips-provider-next-1.2.0-5.0.2.el9.src.rpm
Description of changes:
[1.2.0-5.0.2]
- Fix FIPS module name/version [Orabug: 39680808]
ELSA-2026-50387 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50387
http://linux.oracle.com/errata/ELSA-2026-50387.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-322.203.3.3.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-322.203.3.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-322.203.3.3.el8uek.x86_64.rpm
aarch64:
bpftool-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-322.203.3.3.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-322.203.3.3.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-322.203.3.3.el8uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-322.203.3.3.el8uek.src.rpm
Related CVEs:
CVE-2026-43499
Description of changes:
[5.15.0-322.203.3.3]
- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706512]
- rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706512] {CVE-2026-43499}
ELSA-2026-36734 Low: Oracle Linux 8 libxml2 security update
Oracle Linux Security Advisory ELSA-2026-36734
http://linux.oracle.com/errata/ELSA-2026-36734.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxml2-2.9.7-21.el8_10.6.i686.rpm
libxml2-2.9.7-21.el8_10.6.x86_64.rpm
libxml2-devel-2.9.7-21.el8_10.6.i686.rpm
libxml2-devel-2.9.7-21.el8_10.6.x86_64.rpm
python3-libxml2-2.9.7-21.el8_10.6.x86_64.rpm
aarch64:
libxml2-2.9.7-21.el8_10.6.aarch64.rpm
libxml2-devel-2.9.7-21.el8_10.6.aarch64.rpm
python3-libxml2-2.9.7-21.el8_10.6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libxml2-2.9.7-21.el8_10.6.src.rpm
Related CVEs:
CVE-2025-6170
Description of changes:
[2.9.7-21.6]
- Fix CVE-2025-6170 (RHEL-182012)
ELBA-2026-25921 Oracle Linux 8 scap-security-guide bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-25921
http://linux.oracle.com/errata/ELBA-2026-25921.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
scap-security-guide-0.1.81-1.0.1.el8_10.noarch.rpm
scap-security-guide-doc-0.1.81-1.0.1.el8_10.noarch.rpm
aarch64:
scap-security-guide-0.1.81-1.0.1.el8_10.noarch.rpm
scap-security-guide-doc-0.1.81-1.0.1.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/scap-security-guide-0.1.81-1.0.1.el8_10.src.rpm
Description of changes:
[0.1.81-1.0.1]
- Update OL8 STIG to V2R8 [Orabug: 39500191]
- Update OL9 STIG to V1R5 [Orabug: 39500191]
- Fix RH rerefences for OL10 [Orabug: 39500191]
[0.1.81.openela.1.0]
- Make OpenELA a derivative of RHEL
[0.1.81-1]
- Rebase scap-security-guide to 0.1.81 (RHEL-177640)
ELSA-2026-36728 Low: Oracle Linux 8 libtasn1 security update
Oracle Linux Security Advisory ELSA-2026-36728
http://linux.oracle.com/errata/ELSA-2026-36728.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libtasn1-4.13-6.el8_10.i686.rpm
libtasn1-4.13-6.el8_10.x86_64.rpm
libtasn1-devel-4.13-6.el8_10.i686.rpm
libtasn1-devel-4.13-6.el8_10.x86_64.rpm
libtasn1-tools-4.13-6.el8_10.x86_64.rpm
aarch64:
libtasn1-4.13-6.el8_10.aarch64.rpm
libtasn1-devel-4.13-6.el8_10.aarch64.rpm
libtasn1-tools-4.13-6.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libtasn1-4.13-6.el8_10.src.rpm
Related CVEs:
CVE-2025-13151
Description of changes:
[4.13-6]
- Backport the fix for CVE-2025-13151 (RHEL-139546)
ELSA-2026-37282 Important: Oracle Linux 8 unbound security update
Oracle Linux Security Advisory ELSA-2026-37282
http://linux.oracle.com/errata/ELSA-2026-37282.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3-unbound-1.16.2-5.12.el8_10.x86_64.rpm
unbound-1.16.2-5.12.el8_10.x86_64.rpm
unbound-devel-1.16.2-5.12.el8_10.i686.rpm
unbound-devel-1.16.2-5.12.el8_10.x86_64.rpm
unbound-libs-1.16.2-5.12.el8_10.i686.rpm
unbound-libs-1.16.2-5.12.el8_10.x86_64.rpm
aarch64:
python3-unbound-1.16.2-5.12.el8_10.aarch64.rpm
unbound-1.16.2-5.12.el8_10.aarch64.rpm
unbound-devel-1.16.2-5.12.el8_10.aarch64.rpm
unbound-libs-1.16.2-5.12.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/unbound-1.16.2-5.12.el8_10.src.rpm
Related CVEs:
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390
Description of changes:
[1.16.2-5.12]
- Fix CVE-2026-40622 (RHEL-184832)
- Fix CVE-2026-44390 (RHEL-186680)
- Fix CVE-2026-41292 (RHEL-187346)
- Fix CVE-2026-42534 (RHEL-187081)
ELSA-2026-37137 Important: Oracle Linux 8 tomcat security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-37137
http://linux.oracle.com/errata/ELSA-2026-37137.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
tomcat-9.0.87-2.el8_10.noarch.rpm
tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm
tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm
tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm
tomcat-lib-9.0.87-2.el8_10.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm
tomcat-webapps-9.0.87-2.el8_10.noarch.rpm
aarch64:
tomcat-9.0.87-2.el8_10.noarch.rpm
tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm
tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm
tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm
tomcat-lib-9.0.87-2.el8_10.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm
tomcat-webapps-9.0.87-2.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/tomcat-9.0.87-2.el8_10.src.rpm
Related CVEs:
CVE-2026-29146
CVE-2026-34486
Description of changes:
[1:9.0.87-2]
- Resolves: RHEL-183993 Remove tomcat clustering JAR from RPM builds
ELSA-2026-36733 Moderate: Oracle Linux 8 cups security update
Oracle Linux Security Advisory ELSA-2026-36733
http://linux.oracle.com/errata/ELSA-2026-36733.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
cups-2.2.6-68.el8_10.x86_64.rpm
cups-client-2.2.6-68.el8_10.x86_64.rpm
cups-devel-2.2.6-68.el8_10.i686.rpm
cups-devel-2.2.6-68.el8_10.x86_64.rpm
cups-filesystem-2.2.6-68.el8_10.noarch.rpm
cups-ipptool-2.2.6-68.el8_10.x86_64.rpm
cups-libs-2.2.6-68.el8_10.i686.rpm
cups-libs-2.2.6-68.el8_10.x86_64.rpm
cups-lpd-2.2.6-68.el8_10.x86_64.rpm
aarch64:
cups-2.2.6-68.el8_10.aarch64.rpm
cups-client-2.2.6-68.el8_10.aarch64.rpm
cups-devel-2.2.6-68.el8_10.aarch64.rpm
cups-filesystem-2.2.6-68.el8_10.noarch.rpm
cups-ipptool-2.2.6-68.el8_10.aarch64.rpm
cups-libs-2.2.6-68.el8_10.aarch64.rpm
cups-lpd-2.2.6-68.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/cups-2.2.6-68.el8_10.src.rpm
Related CVEs:
CVE-2026-34980
Description of changes:
[1:2.2.6-68]
- RHEL-177947 CVE-2026-34980 cups: control character injection in option values
ELSA-2026-37130 Important: Oracle Linux 8 gstreamer1-plugins-bad-free security update
Oracle Linux Security Advisory ELSA-2026-37130
http://linux.oracle.com/errata/ELSA-2026-37130.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.i686.rpm
gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.i686.rpm
gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.x86_64.rpm
aarch64:
gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.aarch64.rpm
gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.src.rpm
Related CVEs:
CVE-2026-52720
CVE-2026-52722
Description of changes:
[1.16.1-8.0.1]
- Update origin URL [Orabug: 36209826]
[1.16.1-8]
- Fix for CVE-2026-52720: librfb framebuffer update rectangle
validation
Resolves: RHEL-184455
[1.16.1-7]
- Fix integer overflow in vmncdec (CVE-2026-52722)
Resolves: RHEL-184414
ELSA-2026-36774 Important: Oracle Linux 8 gstreamer1-plugins-good security update
Oracle Linux Security Advisory ELSA-2026-36774
http://linux.oracle.com/errata/ELSA-2026-36774.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-good-1.16.1-7.el8_10.i686.rpm
gstreamer1-plugins-good-1.16.1-7.el8_10.x86_64.rpm
gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.i686.rpm
gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.x86_64.rpm
aarch64:
gstreamer1-plugins-good-1.16.1-7.el8_10.aarch64.rpm
gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gstreamer1-plugins-good-1.16.1-7.el8_10.src.rpm
Related CVEs:
CVE-2026-53705
Description of changes:
[1.16.1-7]
- Fix integer overflow vulnerabilities in wavpackdec (CVE-2026-53705)
Resolves: RHEL-184473
ELSA-2026-36732 Moderate: Oracle Linux 8 python-urllib3 security update
Oracle Linux Security Advisory ELSA-2026-36732
http://linux.oracle.com/errata/ELSA-2026-36732.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3-urllib3-1.24.2-10.el8_10.noarch.rpm
aarch64:
python3-urllib3-1.24.2-10.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/python-urllib3-1.24.2-10.el8_10.src.rpm
Related CVEs:
CVE-2026-44431
Description of changes:
[1.24.2-10]
- Security fix for CVE-2026-44431
Resolves: RHEL-184858
ELSA-2026-36730 Moderate: Oracle Linux 8 libsolv security update
Oracle Linux Security Advisory ELSA-2026-36730
http://linux.oracle.com/errata/ELSA-2026-36730.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libsolv-0.7.20-7.el8_10.i686.rpm
libsolv-0.7.20-7.el8_10.x86_64.rpm
libsolv-devel-0.7.20-7.el8_10.i686.rpm
libsolv-devel-0.7.20-7.el8_10.x86_64.rpm
libsolv-tools-0.7.20-7.el8_10.x86_64.rpm
python3-solv-0.7.20-7.el8_10.x86_64.rpm
aarch64:
libsolv-0.7.20-7.el8_10.aarch64.rpm
libsolv-devel-0.7.20-7.el8_10.aarch64.rpm
libsolv-tools-0.7.20-7.el8_10.aarch64.rpm
python3-solv-0.7.20-7.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libsolv-0.7.20-7.el8_10.src.rpm
Related CVEs:
CVE-2026-48864
Description of changes:
[0.7.20-7]
- Fix a buffer overflow when decompressing solv pages (CVE-2026-48864)
(RHEL-178970)
ELSA-2026-36201 Important: Oracle Linux 8 389-ds:1.4 security update
Oracle Linux Security Advisory ELSA-2026-36201
http://linux.oracle.com/errata/ELSA-2026-36201.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm
389-ds-base-devel-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm
389-ds-base-libs-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm
389-ds-base-snmp-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm
python3-lib389-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.noarch.rpm
aarch64:
389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm
389-ds-base-devel-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm
389-ds-base-libs-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm
389-ds-base-snmp-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm
python3-lib389-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.src.rpm
Related CVEs:
CVE-2026-11610
CVE-2026-11774
Description of changes:
[1.4.3.39-25]
- Bump version to 1.4.3.39-25
- Resolves: RHEL-182162 - EMBARGOED CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND [rhel-8.10.z]
- Resolves: RHEL-183102 - CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit
[1.4.3.39-24]
- Bump version to 1.4.3.39-24
- Resolves: RHEL-170278 - Memory leaks in syncrepl plugin during persistent search operations [rhel-8.10.z]
- Resolves: RHEL-163375 - WARN - keys2idl - received NULL idl from index_read_ext_allids
- Resolves: RHEL-159306 - ns-slapd crash in libdb possible memory corruption [rhel-8.10.z]
- Resolves: RHEL-170284 - access log - suspicious wtime optime negative and large values in internal op [rhel-8.10.z]
- Resolves: RHEL-170507 - ns-slapd fails to shutdown when deferred memberof update is in progress [rhel-8.10.z]
- Resolves: RHEL-170509 - Crash in trim_changelog() during the Retro Changelog trimming [rhel-8.10.z]
- Resolves: RHEL-170514 - Possible memory leak when using the Retro Changelog plugin [rhel-8.10.z]
- Resolves: RHEL-170512 - Crash in replica_config_add when manually configuring a replica with an incorrect nsds5ReplicaRoot [rhel-8.10.z]
- Resolves: RHEL-174523 - [RFE] Add OS-level thread names to all server threads [rhel-8.10.z]
- Resolves: RHEL-170483 - test_vlv_recreation_reindex fails on LMDB [rhel-8.10.z]
- Resolves: RHEL-178076 - CVE-2026-9064 389-ds:1.4/389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) [rhel-8.10.z]
[1.4.3.39-23]
- Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow [rhel-8.10.z]
- Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database [rhel-8.10.z]
[1.4.3.39-22]
- Resolves: RHEL-148485 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]
[1.4.3.39-21]
- Resolves: RHEL-141419 - (&(cn:dn:=groups)) no longer returns results [rhel-8.10.z]
- Resolves: RHEL-140272 - ipa-healthcheck is complaining about missing or
incorrectly configured system indexes. [rhel-8.10.z]
[1.4.3.39-20]
- Resolves: RHEL-140086 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]
[1.4.3.39-19]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]
[1.4.3.39-18]
- Reverts: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]
[1.4.3.39-17]
- Resolves: RHEL-80491 - Can't rename users member of automember rule [rhel-8.10.z]
- Resolves: RHEL-87191 - Some replication status data are reset upon a restart. [rhel-8.10.z]
- Resolves: RHEL-89785 - Extend log of operations statistics in access log
- Resolves: RHEL-111226 - Error showing local password policy on web UI [rhel-8.10.z]
- Resolves: RHEL-113976 - AddressSanitizer: memory leak in memberof_add_memberof_attr [rhel-8.10.z]
- Resolves: RHEL-117457 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups
- Resolves: RHEL-117752 - Crash if repl keep alive entry can not be created [rhel-8.10.z]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]
- Resolves: RHEL-117765 - Statistics about index lookup report a wrong duration [rhel-8.10.z]
- Resolves: RHEL-123228 - Improve the way to detect asynchronous operations in the access logs [rhel-8.10.z]
- Resolves: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]
- Resolves: RHEL-123254 - Typo in errors log after a Memberof fixup task. [rhel-8.10.z]
- Resolves: RHEL-123269 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-8.10.z]
- Resolves: RHEL-123276 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-8.10.z]
- Resolves: RHEL-123363 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default [rhel-8.10.z]
- Resolves: RHEL-123365 - IPA health check up script shows time skew is over 24 hours [rhel-8.10.z]
- Resolves: RHEL-123920 - Changelog trimming - add number of scanned entries to the log [rhel-8.10.z]
- Resolves: RHEL-126512 - Created user password hash available to see in audit log [rhel-8.10.z]
- Resolves: RHEL-129578 - Fix paged result search locking [rhel-8.10.z]
- Resolves: RHEL-130900 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU password policy instead of the specific user policy. [rhel-8.10.z]
[1.4.3.39-15]
- Resolves: RHEL-109028 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-8.10.z]
ELSA-2026-50388 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50388
http://linux.oracle.com/errata/ELSA-2026-50388.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-5.4.17-2136.357.3.2.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.357.3.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.357.3.2.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.357.3.2.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.357.3.2.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.2.el8uek.src.rpm
Related CVEs:
CVE-2026-43499
Description of changes:
[5.4.17-2136.357.3.2]
- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706958]
- rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706958] {CVE-2026-43499}
[5.4.17-2136.357.3.1]
- KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only parent (Ben Gardon) [Orabug: 39673892]
- KVM: x86/mmu: Move flush logic from mmu_page_zap_pte() to FNAME(invlpg) (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (Like Xu) [Orabug: 39673892]
- KVM: MMU: load PDPTRs outside mmu_lock (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86/mmu: Check PDPTRs before allocating PAE roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (David Matlack) [Orabug: 39673892]
- KVM: x86/mmu: Derive shadow MMU page role from parent (David Matlack) [Orabug: 39673892]
- KVM: X86: Remove useless code to set role.gpte_is_8_bytes when role.direct (Lai Jiangshan) [Orabug: 39673892]
- KVM: X86: Synchronize the shadow pagetable before link it (Lai Jiangshan) [Orabug: 39673892]
- KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (Lai Jiangshan) [Orabug: 39673892]
- KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673892]
- KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673892]
- kvm: mmu: Replace unsigned with unsigned int for PTE access (Ben Gardon) [Orabug: 39673892]
- KVM: x86/mmu: Ensure MMU pages are available when allocating roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Allocate pae_root and lm_root pages in dedicated helper (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Allocate the lm_root before allocating PAE roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Capture 'mmu' in a local variable when allocating roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Stash 'kvm' in a local variable in kvm_mmu_free_roots() (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Add a helper to consolidate root sp allocation (Sean Christopherson) [Orabug: 39673892]
- net/sched: act_pedit: fix action bind logic (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39680880]
- net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39680880] {CVE-2026-46331}
- net/sched: act_pedit: Parse L3 Header for L4 offset (Max Tottenham) [Orabug: 39680880]
- net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: remove extra check for key type (Pedro Tammela) [Orabug: 39680880]
- net/sched: simplify tcf_pedit_act (Pedro Tammela) [Orabug: 39680880]
- net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: use NLA_POLICY for parsing 'ex' keys (Pedro Tammela) [Orabug: 39680880]
[5.4.17-2136.357.3]
- net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39619389] {CVE-2026-52943}
[5.4.17-2136.357.2]
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250953] {CVE-2026-31504}
- x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers (Dan Williams) [Orabug: 39429802]
- x86/kaslr: Reduce KASLR entropy on most x86 systems (Balbir Singh) [Orabug: 39429802]
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39526882] {CVE-2022-50073}
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548666] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548666]
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39548666]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548666]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548666]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548666]
- ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300926] {CVE-2026-43037}
[5.4.17-2136.357.1]
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262375] {CVE-2026-31657}
- scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446045]
- scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446045]
- scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446045]
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39152239]
[5.4.17-2136.356.4.1]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669] {CVE-2026-46243}
[5.4.17-2136.356.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
[5.4.17-2136.356.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333}
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300}
[5.4.17-2136.356.2]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518}
[5.4.17-2136.356.1]
- arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096]
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662]
ELSA-2026-36721 Moderate: Oracle Linux 8 edk2 security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-36721
http://linux.oracle.com/errata/ELSA-2026-36721.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
edk2-ovmf-20220126gitbb1bba3d77-13.el8_10.10.noarch.rpm
aarch64:
edk2-aarch64-20220126gitbb1bba3d77-13.el8_10.10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/edk2-20220126gitbb1bba3d77-13.el8_10.10.src.rpm
Related CVEs:
CVE-2025-9230
Description of changes:
[20220126gitbb1bba3d77-13.el8.10]
- edk2-OvmfPkg-Expand-EnrollDefaultKeys-with-Microsoft-2023.patch [RHEL-151949]
- Resolves: RHEL-151949
([FJ8.10 Bug] How to Update Secure Boot Certificates with Microsoft 2023 in KVM Guests)
[20220126gitbb1bba3d77-13.el8.9]
- edk2-openssl-flatten-contents-of-openssl-tarball.patch [RHEL-115901]
- edk2-Bumped-openssl-submodule-to-rhel-8-main.patch [RHEL-115901]
- Resolves: RHEL-115901
(CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.8]
- edk2-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch [RHEL-71687]
- Resolves: RHEL-71687
([Regression] HTTP boot not available [aarch64] [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.7]
- edk2-redhat-Fix-ovmf-vars-generator-RH-only.patch [RHEL-66236]
- Resolves: RHEL-66236
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.6]
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188]
- Resolves: RHEL-66188
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.5]
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]
- Resolves: RHEL-66236
([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.4]
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
- Resolves: RHEL-60830
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.3]
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
- Resolves: RHEL-53009
(No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8_10.2]
[20220126gitbb1bba3d77-13.el8_10.1]
- edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- Resolves: RHEL-21854
(CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8])
- Resolves: RHEL-21856
(CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8])
- Resolves: RHEL-40099
(CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z])
ELSA-2026-50388 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50388
http://linux.oracle.com/errata/ELSA-2026-50388.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.357.3.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.357.3.2.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.2.el7uek.src.rpm
Related CVEs:
CVE-2026-43499
Description of changes:
[5.4.17-2136.357.3.2]
- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706958]
- rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706958] {CVE-2026-43499}
[5.4.17-2136.357.3.1]
- KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only parent (Ben Gardon) [Orabug: 39673892]
- KVM: x86/mmu: Move flush logic from mmu_page_zap_pte() to FNAME(invlpg) (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (Like Xu) [Orabug: 39673892]
- KVM: MMU: load PDPTRs outside mmu_lock (Paolo Bonzini) [Orabug: 39673892]
- KVM: x86/mmu: Check PDPTRs before allocating PAE roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (David Matlack) [Orabug: 39673892]
- KVM: x86/mmu: Derive shadow MMU page role from parent (David Matlack) [Orabug: 39673892]
- KVM: X86: Remove useless code to set role.gpte_is_8_bytes when role.direct (Lai Jiangshan) [Orabug: 39673892]
- KVM: X86: Synchronize the shadow pagetable before link it (Lai Jiangshan) [Orabug: 39673892]
- KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (Lai Jiangshan) [Orabug: 39673892]
- KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673892]
- KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673892]
- kvm: mmu: Replace unsigned with unsigned int for PTE access (Ben Gardon) [Orabug: 39673892]
- KVM: x86/mmu: Ensure MMU pages are available when allocating roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Allocate pae_root and lm_root pages in dedicated helper (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Allocate the lm_root before allocating PAE roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Capture 'mmu' in a local variable when allocating roots (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Stash 'kvm' in a local variable in kvm_mmu_free_roots() (Sean Christopherson) [Orabug: 39673892]
- KVM: x86/mmu: Add a helper to consolidate root sp allocation (Sean Christopherson) [Orabug: 39673892]
- net/sched: act_pedit: fix action bind logic (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39680880]
- net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39680880] {CVE-2026-46331}
- net/sched: act_pedit: Parse L3 Header for L4 offset (Max Tottenham) [Orabug: 39680880]
- net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: remove extra check for key type (Pedro Tammela) [Orabug: 39680880]
- net/sched: simplify tcf_pedit_act (Pedro Tammela) [Orabug: 39680880]
- net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) [Orabug: 39680880]
- net/sched: act_pedit: use NLA_POLICY for parsing 'ex' keys (Pedro Tammela) [Orabug: 39680880]
[5.4.17-2136.357.3]
- net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39619389] {CVE-2026-52943}
[5.4.17-2136.357.2]
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250953] {CVE-2026-31504}
- x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers (Dan Williams) [Orabug: 39429802]
- x86/kaslr: Reduce KASLR entropy on most x86 systems (Balbir Singh) [Orabug: 39429802]
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39526882] {CVE-2022-50073}
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548666] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548666]
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39548666]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548666]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548666]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548666]
- ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300926] {CVE-2026-43037}
[5.4.17-2136.357.1]
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262375] {CVE-2026-31657}
- scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446045]
- scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446045]
- scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446045]
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39152239]
[5.4.17-2136.356.4.1]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669] {CVE-2026-46243}
[5.4.17-2136.356.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
[5.4.17-2136.356.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333}
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300}
[5.4.17-2136.356.2]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518}
[5.4.17-2136.356.1]
- arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096]
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662]
ELBA-2026-36731 Oracle Linux 8 libusbx bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-36731
http://linux.oracle.com/errata/ELBA-2026-36731.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libusbx-1.0.30-1.el8_10.i686.rpm
libusbx-1.0.30-1.el8_10.x86_64.rpm
libusbx-devel-1.0.30-1.el8_10.i686.rpm
libusbx-devel-1.0.30-1.el8_10.x86_64.rpm
libusbx-devel-doc-1.0.30-1.el8_10.noarch.rpm
aarch64:
libusbx-1.0.30-1.el8_10.aarch64.rpm
libusbx-devel-1.0.30-1.el8_10.aarch64.rpm
libusbx-devel-doc-1.0.30-1.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libusbx-1.0.30-1.el8_10.src.rpm
Description of changes:
[1.0.30-1]
- The release 1.0.30 resolves major bugs
- Include the new API for fwupd backporting
Resovles: RHEL-184258
ELBA-2026-36725 Oracle Linux 8 nfs-utils bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-36725
http://linux.oracle.com/errata/ELBA-2026-36725.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libnfsidmap-2.3.3-69.0.1.el8_10.i686.rpm
libnfsidmap-2.3.3-69.0.1.el8_10.x86_64.rpm
libnfsidmap-devel-2.3.3-69.0.1.el8_10.i686.rpm
libnfsidmap-devel-2.3.3-69.0.1.el8_10.x86_64.rpm
nfs-utils-2.3.3-69.0.1.el8_10.x86_64.rpm
aarch64:
libnfsidmap-2.3.3-69.0.1.el8_10.aarch64.rpm
libnfsidmap-devel-2.3.3-69.0.1.el8_10.aarch64.rpm
nfs-utils-2.3.3-69.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nfs-utils-2.3.3-69.0.1.el8_10.src.rpm
Description of changes:
[2.3.3-69.0.1]
- nfsd: allow more than 64 backlogged connections
- spec: remove multiple warnings when upgrading nfs-utils with gssproxy [Orabug: 35173372]
[2.3.3-69]
- nfsrahead: enable event-driven mountinfo monitoring and skip non-NFS devices (RHEL-150760)
- nfsrahead: zero-initialise device_info struct (RHEL-150760)
- nfsrahead: quieten misleading error for non-NFS block devices (RHEL-150760)
ELSA-2026-35830 Important: Oracle Linux 8 grafana security update
Oracle Linux Security Advisory ELSA-2026-35830
http://linux.oracle.com/errata/ELSA-2026-35830.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
grafana-9.2.10-31.0.1.el8_10.x86_64.rpm
grafana-selinux-9.2.10-31.0.1.el8_10.x86_64.rpm
aarch64:
grafana-9.2.10-31.0.1.el8_10.aarch64.rpm
grafana-selinux-9.2.10-31.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/grafana-9.2.10-31.0.1.el8_10.src.rpm
Related CVEs:
CVE-2026-39821
Description of changes:
[9.2.10-31.0.1]
- Fixes CVE-2024-1442 Add email verification when updating user email [Orabug: 38550520]
[9.2.10-31]
- Resolves RHEL-183728: CVE-2026-39821
ELBA-2026-36724 Oracle Linux 8 gdm and gnome-shell bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-36724
http://linux.oracle.com/errata/ELBA-2026-36724.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gdm-40.0-28.el8_10.i686.rpm
gdm-40.0-28.el8_10.x86_64.rpm
gdm-devel-40.0-28.el8_10.i686.rpm
gdm-devel-40.0-28.el8_10.x86_64.rpm
gdm-pam-extensions-devel-40.0-28.el8_10.i686.rpm
gdm-pam-extensions-devel-40.0-28.el8_10.x86_64.rpm
gnome-shell-3.32.2-60.el8_10.x86_64.rpm
aarch64:
gdm-40.0-28.el8_10.aarch64.rpm
gdm-devel-40.0-28.el8_10.aarch64.rpm
gdm-pam-extensions-devel-40.0-28.el8_10.aarch64.rpm
gnome-shell-3.32.2-60.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gdm-40.0-28.el8_10.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/gnome-shell-3.32.2-60.el8_10.src.rpm
Description of changes:
gdm
[40.0-28]
- Fix recovering client proxies
Resolves: RHEL-185770
gnome-shell
[3.32.2-60]
- Backport fix to recover userVerifier
Resolves: RHEL-185731
New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2026-50319)
Synopsis: ELSA-2026-50319 can now be patched using Ksplice
CVEs: CVE-2026-23272 CVE-2026-31419 CVE-2026-31504 CVE-2026-31533 CVE-2026-31657 CVE-2026-31669 CVE-2026-43037 CVE-2026-43074 CVE-2026-43499 CVE-2026-46113 CVE-2026-46116 CVE-2026-53163
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50319.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50319.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on
OL9 and OL10 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2026-23272: Use-after-free in Netfilter driver.
Orabug: 39562729
* CVE-2026-31419: Use-after-free in Bonding driver.
Orabug: 39556377
* CVE-2026-31504: Use-after-free in Packet socket driver.
Orabug: 39556380
* CVE-2026-31533: Use-after-free in Transport Layer Security driver.
Orabug: 39556386
* CVE-2026-31657: Use-after-free in Bridge Loop Avoidance driver.
Orabug: 39556388
* CVE-2026-31669: Use-after-free in MPTCP: Multipath TCP driver.
Orabug: 39556381
* CVE-2026-43037: Out-of-bounds write in IPv6: IP-in-IPv6 tunnel (RFC2473) driver.
Orabug: 39556341
* CVE-2026-43074: Use-after-free in epoll.
Orabug: 39556391
* CVE-2026-43499, CVE-2026-53163: Use-after-free in core kernel RT-mutex.
Orabug: 39556379
* CVE-2026-46113: Use-after-free in KVM shadow paging.
Orabug: 39673880
* CVE-2026-46116: Use-after-free in XFRM.
Orabug: 39556375
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.